ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-18 20:47:57 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fixing SignedNodeInfoe security issue (#2908)

Browse Source
This commit is contained in:
Michal Kit 2018-04-03 15:49:06 +01:00 committed by GitHub
parent 623eae7da1
commit 2f1b8ff23e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
node-api/src/main/kotlin/net/corda/nodeapi/internal/SignedNodeInfo.kt
View File

@ -25,7 +25,7 @@ class SignedNodeInfo(val raw: SerializedBytes<NodeInfo>, val signatures: List<Di
fun verified(): NodeInfo {
val nodeInfo = raw.deserialize()
val identities = nodeInfo.legalIdentities.filterNot { it.owningKey is CompositeKey }
require(identities.isNotEmpty()) { "At least one identity with a non-composite key needs to be specified." }
if (identities.size < signatures.size) {
throw SignatureException("Extra signatures. Found ${signatures.size} expected ${identities.size}")
}