]> source.dussan.org Git - nextcloud-server.git/commit
projects / nextcloud-server.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d61c8d7) | patch
Prevent downgrade attacks for apps 2094/head
authorLukas Reschke <lukas@statuscode.ch>
Fri, 11 Nov 2016 17:53:26 +0000 (18:53 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Fri, 11 Nov 2016 17:53:26 +0000 (18:53 +0100)
commit7cb0df28e2d99237c92922d9bf2fd203f0f1d8c0
tree28cd0d4ba40cd24c23cf1b89152825964abf1cf0tree | snapshot
parentd61c8d74bbba9901c453a5f9be9a4ffa6cce4291commit | diff
Prevent downgrade attacks for apps

We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
lib/private/Installer.php diff | blob | history
tests/data/testapp.0.8.tar.gz [new file with mode: 0644] blob
tests/lib/InstallerTest.php diff | blob | history
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server