Skip to content

Commit 6a7ee2d

Browse files
solracsfsolracsf
committed
feat: Verify file integrity in chunks
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
1 parent 84b37d1 commit 6a7ee2d

2 files changed

Lines changed: 40 additions & 16 deletions

File tree

index.php

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -757,14 +757,26 @@ public function verifyIntegrity(): void {
757757
-----END CERTIFICATE-----
758758
EOF;
759759

760-
$validSignature = openssl_verify(
761-
file_get_contents($this->getDownloadedFilePath()),
762-
base64_decode($response['signature']),
763-
$certificate,
764-
OPENSSL_ALGO_SHA512
765-
) === 1;
766-
767-
if ($validSignature === false) {
760+
$fh = fopen($this->getDownloadedFilePath(), 'r');
761+
if ($fh === false) {
762+
throw new \Exception('Failed to open downloaded file for integrity check');
763+
}
764+
765+
$data = '';
766+
while (!feof($fh)) {
767+
$chunk = fread($fh, 8192);
768+
if ($chunk === false) {
769+
fclose($fh);
770+
throw new \Exception('Error reading file during integrity check');
771+
}
772+
$data .= $chunk;
773+
}
774+
fclose($fh);
775+
776+
$signature = base64_decode($response['signature']);
777+
778+
$validSignature = openssl_verify($data, $signature, $certificate, OPENSSL_ALGO_SHA512);
779+
if ($validSignature !== 1) {
768780
throw new \Exception('Signature of update is not valid');
769781
}
770782

lib/Updater.php

Lines changed: 20 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -739,14 +739,26 @@ public function verifyIntegrity(): void {
739739
-----END CERTIFICATE-----
740740
EOF;
741741

742-
$validSignature = openssl_verify(
743-
file_get_contents($this->getDownloadedFilePath()),
744-
base64_decode($response['signature']),
745-
$certificate,
746-
OPENSSL_ALGO_SHA512
747-
) === 1;
748-
749-
if ($validSignature === false) {
742+
$fh = fopen($this->getDownloadedFilePath(), 'r');
743+
if ($fh === false) {
744+
throw new \Exception('Failed to open downloaded file for integrity check');
745+
}
746+
747+
$data = '';
748+
while (!feof($fh)) {
749+
$chunk = fread($fh, 8192);
750+
if ($chunk === false) {
751+
fclose($fh);
752+
throw new \Exception('Error reading file during integrity check');
753+
}
754+
$data .= $chunk;
755+
}
756+
fclose($fh);
757+
758+
$signature = base64_decode($response['signature']);
759+
760+
$validSignature = openssl_verify($data, $signature, $certificate, OPENSSL_ALGO_SHA512);
761+
if ($validSignature !== 1) {
750762
throw new \Exception('Signature of update is not valid');
751763
}
752764

0 commit comments

Comments
 (0)