diff options
| author | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
|---|---|---|
| committer | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
| commit | a002bbdae7018d7c23f857780074ef00e3e6f31e (patch) | |
| tree | 977aceaed2d4bb1a73b47695a4d1653567d74e2f /lib/Smokeping | |
| parent | efe9d8dafd6a8bc5845eae3b4dbc172ad68aa187 (diff) | |
| download | smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.gz smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.xz | |
switch to HMAC digest to avert extension attack
Diffstat (limited to 'lib/Smokeping')
| -rw-r--r-- | lib/Smokeping/Master.pm | 6 | ||||
| -rw-r--r-- | lib/Smokeping/Slave.pm | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/lib/Smokeping/Master.pm b/lib/Smokeping/Master.pm index 6fbdcbf..bb06921 100644 --- a/lib/Smokeping/Master.pm +++ b/lib/Smokeping/Master.pm @@ -5,7 +5,7 @@ use Storable qw(nstore dclone retrieve); use strict; use warnings; use Fcntl qw(:flock); -use Digest::MD5 qw(md5_base64); +use Digest::MD5 qw(hmac_md5_hex); =head1 NAME @@ -225,7 +225,7 @@ sub answer_slave { return; } # lets make sure the we share a secret - if (md5_base64($secret.$data) eq $key){ + if (hmac_md5_hex($data,$secret) eq $key){ save_updates $cfg, $slave, $data; } else { print "Content-Type: text/plain\n\n"; @@ -237,7 +237,7 @@ sub answer_slave { my $config = extract_config $cfg, $slave; if ($config){ print "Content-Type: application/smokeping-config\n"; - print "Key: ".md5_base64($secret.$config)."\n\n"; + print "Key: ".hmac_md5_hex($config,$secret)."\n\n"; print $config; } else { print "Content-Type: text/plain\n\n"; diff --git a/lib/Smokeping/Slave.pm b/lib/Smokeping/Slave.pm index 0747860..e0e6127 100644 --- a/lib/Smokeping/Slave.pm +++ b/lib/Smokeping/Slave.pm @@ -4,7 +4,7 @@ use warnings; use strict; use Data::Dumper; use Storable qw(nstore retrieve); -use Digest::MD5 qw(md5_base64); +use Digest::HMAC_MD5 qw(hmac_md5_hex); use LWP::UserAgent; use Safe; use Smokeping; @@ -80,7 +80,7 @@ sub submit_results { Content_Type => 'form-data', Content => [ slave => $slave_cfg->{slave_name}, - key => md5_base64($slave_cfg->{shared_secret}.$data_dump), + key => hmac_md5_hex($data_dump,$slave_cfg->{shared_secret}), data => $data_dump, config_time => $cfg->{__last} || 0, ], @@ -93,7 +93,7 @@ sub submit_results { Smokeping::do_debuglog("Sent data to Server. Server said $data"); return undef; }; - if (md5_base64($slave_cfg->{shared_secret}.$data) ne $key){ + if (hmac_md5_hex($data,$slave_cfg->{shared_secret}) ne $key){ warn "WARNING $slave_cfg->{master_url} sent data with wrong key"; return undef; } |