Merge pull request #291 from fans3210/master
fix: possible panic case if ios payment callback comes from unauthorised party
takecy authored Jul 10, 2024
2 parents 1e659e4 + c6ac249 commit 63ac21b
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion appstore/cert.go
@@ -52,7 +52,9 @@ func (c *Cert) extractCertByIndex(tokenStr string, index int) ([]byte, error) {
if err != nil {
return nil, err
}

if len(header.X5c) <= 0 || index >= len(header.X5c) {
return nil, errors.New("failed to extract cert from x5c header, possible unauthorised request detected")
}
certByte, err := base64.StdEncoding.DecodeString(header.X5c[index])
if err != nil {
return nil, err
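Review bot: The new guard before `header.X5c[index]` rejects an empty or too-short `x5c` array but not a negative `index`, and its `len(header.X5c) <= 0` clause is already implied by `index >= len(header.X5c)` for any non-negative index; `if index < 0 || index >= len(header.X5c) {` covers every out-of-range case in one condition. The body of extractCertByIndex starts and ends outside the hunk, so an earlier check on `index` may already exist and should be confirmed. Because the header is decoded from a token supplied by the remote party, returning a package-level sentinel error here instead of an inline `errors.New` would let callers use `errors.Is` to tell a malformed token from an internal failure and respond accordingly. The commit changes only appstore/cert.go, so a regression test using a token whose header carries no `x5c` entries would pin the fix.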
