
Commit a4e2f383 authored by Brion Vibber's avatar Brion Vibber

Slightly fancier debug code for PuSH hmac mismatches -- save the post to a...

Slightly fancier debug code for PuSH hmac mismatches -- save the post to a temp file if feedsub/debug is on in config.
parent dd48bdb1
...@@ -483,11 +483,19 @@ class FeedSub extends Memcached_DataObject ...@@ -483,11 +483,19 @@ class FeedSub extends Memcached_DataObject
if ($this->secret) { if ($this->secret) {
if (preg_match('/^sha1=([0-9a-fA-F]{40})$/', $hmac, $matches)) { if (preg_match('/^sha1=([0-9a-fA-F]{40})$/', $hmac, $matches)) {
$their_hmac = strtolower($matches[1]); $their_hmac = strtolower($matches[1]);
$our_hmac = hash_hmac('sha1', $post, $this->secret); $our_hmac = hash_hmac('sha1', $post, $this->secret) . 'x';
if ($their_hmac === $our_hmac) { if ($their_hmac === $our_hmac) {
return true; return true;
} }
common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac for feed $this->uri on $this->huburi"); if (common_config('feedsub', 'debug')) {
$tempfile = tempnam(sys_get_temp_dir(), 'feedsub-receive');
if ($tempfile) {
file_put_contents($tempfile, $post);
}
common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac for feed $this->uri on $this->huburi; saved to $tempfile");
} else {
common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac for feed $this->uri on $this->huburi");
}
} else { } else {
common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bogus HMAC '$hmac'"); common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bogus HMAC '$hmac'");
} }
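Review bot: The `. 'x'` appended to `hash_hmac('sha1', $post, $this->secret)` makes `$our_hmac` 41 characters long, so the `===` against the 40-hex-digit `$their_hmac` can never succeed and every signed PuSH is rejected; it looks like a leftover for forcing the mismatch path and the line should go back to `$our_hmac = hash_hmac('sha1', $post, $this->secret);`. In the debug branch the body being written has by definition failed authentication, so with feedsub/debug on any sender can make the server create temp files of arbitrary size with no cap or cleanup; a length limit before `file_put_contents` would bound that. The log line also reports "saved to $tempfile" when `tempnam()` returned false or the write failed, so the result of `file_put_contents` should be checked before claiming the save. If the supported PHP version provides it, `hash_equals($our_hmac, $their_hmac)` would replace the timing-dependent `===`. The enclosing method starts and ends outside the hunk.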