Subject: Fake values still pass verification
Hi!
I'm using Authen::TypeKey to authenticate against a custom TypeKey server. Whilst playing around with my setup, I noticed that I could stuff fake values into the query string (simulating what might get returned from the server) and still get access to a section that was protected.
I thought I must be dreaming, so I wrote a little test (attached) to see if this was truly the case. Here are the results:
1..3
ok 1 - Created Authen::TypeKey object
$VAR1 = {
          'email' => 'foo',
          'ts' => 1132235808,
          'name' => 'foo',
          'nick' => 'foo'
        };
not ok 2 - Failed Verification
# Failed test (t\02-fake.t at line 19)
# Looks like you planned 3 tests but only ran 2.
As you can see, I added a warning to see what was being returned from the verification.
I did some inspection and it seems that at the end of _verify(), the following returns "true":
$u1 == $sig->{r};
even though they look like this (Math::BigInt version 1.77):
$VAR1 = bless( {
                 'value' => [
                              0
                            ],
                 'sign' => 'NaN'
               }, 'Math::BigInt' );
$VAR2 = bless( {
                 'value' => [
                              32394
                            ],
                 'sign' => '+'
               }, 'Math::BigInt' );
If you stringify them both, then everything is okay. i.e.:
"$u1" == '' . $sig->{ r };
So, this is probably more of a bug with Math::BigInt, which I will file a bug report for shortly. So, you can choose to ignore this until Math::BigInt is fixed, though stringification should work before and after the fix.
-Brian
use strict;
use warnings;
use Test::More tests => 2;
use Authen::TypeKey;
use Data::Dumper;

# set up some phony values, as if they had come back from the TypeKey server
my $vars = {
    ts    => time,
    email => 'foo',
    name  => 'foo',
    nick  => 'foo',
    sig   => 'foo',    # not a real signature; verification must reject this
};

my $tk = Authen::TypeKey->new;
ok($tk, 'Created Authen::TypeKey object');

# verify() should return false for a forged signature
my $res = $tk->verify($vars);
warn Dumper $res;      # show what verify() actually handed back
ok(!$res, 'Failed Verification');
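The comparison at the end of the report, reproduced as an added example (this is not Brian's test and not Authen::TypeKey's own code): a signature component that does not parse becomes a Math::BigInt NaN, and a verifier must treat NaN as a failure rather than let the overloaded `==` decide. The values are constructed to mirror the dump above, and `bigint_equal_strict` is a hypothetical helper, not part of either module.

```perl
use strict;
use warnings;
use Math::BigInt;

# Fail-closed equality for the final signature check (hypothetical helper,
# not Authen::TypeKey's): both sides must be Math::BigInt objects, neither
# may be NaN, and bcmp() must return a defined zero. Returns 1 or 0.
sub bigint_equal_strict {
    my ($x, $y) = @_;
    return 0 unless ref $x && ref $y;          # reject plain strings/undef
    return 0 if $x->is_nan || $y->is_nan;      # a garbled or fake value is never "equal"
    my $cmp = $x->bcmp($y);
    return (defined $cmp && $cmp == 0) ? 1 : 0;
}

# Constructed inputs: 'foo' is what a forged 'sig' parameter decodes to (NaN),
# 32394 stands in for the value computed from the real public key.
my $u1 = Math::BigInt->new('foo');   # sign 'NaN', as in $VAR1 above
my $r  = Math::BigInt->new(32394);   # sign '+',   as in $VAR2 above

# The overloaded == is the comparison the report shows returning true on
# Math::BigInt 1.77; the other two checks reject NaN on any version.
printf "overloaded ==      : %s\n", ($u1 == $r)              ? 'equal (accepts forgery)' : 'not equal';
printf "stringified eq     : %s\n", ("$u1" eq "$r")         ? 'equal' : 'not equal';
printf "bigint_equal_strict: %s\n", bigint_equal_strict($u1, $r) ? 'equal' : 'not equal';
```

Whichever Math::BigInt version is installed, the last two lines print "not equal"; the first line is the one whose result depends on the module's NaN handling.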