[Zope-Checkins] CVS: ZODB3/ZEO/zrpc - smac.py:1.38.6.2
Jeremy Hylton
jeremy at zope.com
Fri Sep 19 15:01:29 EDT 2003
Update of /cvs-repository/ZODB3/ZEO/zrpc
In directory cvs.zope.org:/tmp/cvs-serv25006/ZEO/zrpc
Modified Files:
Tag: Zope-2_7-branch
smac.py
Log Message:
Fix security problem in ZEO authentication code.
There were two serious bugs:
- The smac layer would accept a message without a MAC even after the
session key was established.
- The client never initialized its session key, so it never checked
incoming messages or created MACs for outgoing messags.
Fixed both, but still need to change the smac layer so that it has
separate HMAC objects for each end of the connection.
=== ZODB3/ZEO/zrpc/smac.py 1.38.6.1 => 1.38.6.2 ===
--- ZODB3/ZEO/zrpc/smac.py:1.38.6.1 Mon Sep 15 19:21:59 2003
+++ ZODB3/ZEO/zrpc/smac.py Fri Sep 19 15:01:28 2003
@@ -150,16 +150,18 @@
inp = "".join(inp)
offset = 0
- expect_mac = 0
+ has_mac = 0
while (offset + msg_size) <= input_len:
msg = inp[offset:offset + msg_size]
offset = offset + msg_size
if not state:
msg_size = struct.unpack(">I", msg)[0]
- expect_mac = msg_size & MAC_BIT
- if expect_mac:
+ has_mac = msg_size & MAC_BIT
+ if has_mac:
msg_size ^= MAC_BIT
msg_size += 20
+ elif self.__hmac:
+ raise ValueError("Received message without MAC")
state = 1
else:
msg_size = 4
@@ -174,7 +176,7 @@
# incoming call to be handled. During all this
# time, the __input_lock is held. That's a good
# thing, because it serializes incoming calls.
- if expect_mac:
+ if has_mac:
mac = msg[:20]
msg = msg[20:]
if self.__hmac:
@@ -245,7 +247,7 @@
def message_output(self, message):
if __debug__:
if self._debug:
- log('message_output %d bytes: %s' %
+ log("message_output %d bytes: %s" %
(len(message), short_repr(message)),
level=zLOG.TRACE)
More information about the Zope-Checkins
mailing list