Merge pull request #71 from aporcupine/patch-1

Explicitly check for case where SignatureValue is nil
russellhaering · Aug 28, 2021 · fb23e0a · fb23e0a
2 parents 3541f5e + ca2b448
commit fb23e0a
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/validate.go b/validate.go
@@ -268,6 +268,9 @@ func (ctx *ValidationContext) validateSignature(el *etree.Element, sig *types.Si
 	if !bytes.Equal(digest, decodedDigestValue) {
 		return nil, errors.New("Signature could not be verified")
 	}
+	if sig.SignatureValue == nil {
+		return nil, errors.New("Signature could not be verified")
+	}
 
 	// Decode the 'SignatureValue' so we can compare against it
 	decodedSignature, err := base64.StdEncoding.DecodeString(sig.SignatureValue.Data)