diff options
author | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
---|---|---|
committer | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
commit | a002bbdae7018d7c23f857780074ef00e3e6f31e (patch) | |
tree | 977aceaed2d4bb1a73b47695a4d1653567d74e2f /lib/Smokeping/Master.pm | |
parent | efe9d8dafd6a8bc5845eae3b4dbc172ad68aa187 (diff) | |
download | smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.gz smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.xz |
switch to HMAC digest to avert extension attack
Diffstat (limited to 'lib/Smokeping/Master.pm')
-rw-r--r-- | lib/Smokeping/Master.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/Smokeping/Master.pm b/lib/Smokeping/Master.pm index 6fbdcbf..bb06921 100644 --- a/lib/Smokeping/Master.pm +++ b/lib/Smokeping/Master.pm @@ -5,7 +5,7 @@ use Storable qw(nstore dclone retrieve); use strict; use warnings; use Fcntl qw(:flock); -use Digest::MD5 qw(md5_base64); +use Digest::MD5 qw(hmac_md5_hex); =head1 NAME @@ -225,7 +225,7 @@ sub answer_slave { return; } # lets make sure the we share a secret - if (md5_base64($secret.$data) eq $key){ + if (hmac_md5_hex($data,$secret) eq $key){ save_updates $cfg, $slave, $data; } else { print "Content-Type: text/plain\n\n"; @@ -237,7 +237,7 @@ sub answer_slave { my $config = extract_config $cfg, $slave; if ($config){ print "Content-Type: application/smokeping-config\n"; - print "Key: ".md5_base64($secret.$config)."\n\n"; + print "Key: ".hmac_md5_hex($config,$secret)."\n\n"; print $config; } else { print "Content-Type: text/plain\n\n"; |