
This queue is for tickets about the Crypt-RSA CPAN distribution.

Report information
The Basics
Id: 46577
Status: resolved
Priority: 0/
Queue: Crypt-RSA

People
Owner: Nobody in particular
Requestors: castaway [...] desert-island.me.uk
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.98
Fixed in: (no value)



Subject: Invalid signature calling verify() - traced to lack of parameter checking
Crypt::RSA::SS::PKCS1v15::verify does not check it was actually passed a Message or Plaintext parameter. Due to the lack of warnings pragma used in this module, it took me a whole day to track down this typo:

my $plaintext = $rsa->verify(Messsage => $raw,
                             Key => $public_key,
                             Signature => $signature,
                             );

(note the extra S in Messsage).

Please fix for all methods that require/assume parameters but don't test them.

On Mon Jun 01 08:24:39 2009, JROBINSON wrote:
> Crypt::RSA::SS::PKCS1v15::verify does not check it was actually passed a
> Message or Plaintext parameter. Due to the lack of warnings pragma used
> in this module, it took me a whole day to track down this typo:
>
> my $plaintext = $rsa->verify(Messsage => $raw,
>                              Key => $public_key,
>                              Signature => $signature,
>                              );
>
> (note the extra S in Messsage).
>
> Please fix for all methods that require/assume parameters but don't test
> them.

(note the extra S in Messsage).
^^ was the extra S in your own code or in the module's code?

Subject: Re: [rt.cpan.org #46577] Invalid signature calling verify() - traced to lack of parameter checking
Date: Thu, 4 Jun 2009 22:54:57 +0100 (BST)
To: Justin Case via RT <bug-Crypt-RSA [...] rt.cpan.org>
From: Jess Robinson <castaway [...] desert-island.me.uk>

On Wed, 3 Jun 2009, Justin Case via RT wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=46577 >
>
> On Mon Jun 01 08:24:39 2009, JROBINSON wrote:
>> Crypt::RSA::SS::PKCS1v15::verify does not check it was actually passed a
>> Message or Plaintext parameter. Due to the lack of warnings pragma used
>> in this module, it took me a whole day to track down this typo:
>>
>> my $plaintext = $rsa->verify(Messsage => $raw,
>>                              Key => $public_key,
>>                              Signature => $signature,
>>                              );
>>
>> (note the extra S in Messsage).
>>
>> Please fix for all methods that require/assume parameters but don't test
>> them.
>
> (note the extra S in Messsage).
> ^^ was the extra S in your own code or in the module's code?
>

It was in my code.. thus, there was no message to verify.. but since warnings are ignored, it just attempted to verify undef/empty string instead..

Jess

The 1.99 release does parameter checking and raises an error if the required parameters are missing.
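
The failure mode reported in this ticket, next to one way of rejecting it, as an added example that is not part of the ticket and is not code from Crypt::RSA or its 1.99 release. The names `sign`, `validate`, `verify_unchecked` and `verify_checked` are hypothetical, and HMAC-SHA256 from the core Digest::SHA module stands in for the RSA signature scheme so the script runs with core modules only.

```perl
use strict;
use warnings;
use Carp qw(croak);
use Digest::SHA qw(hmac_sha256_hex);

# Stand-in primitive (assumption): HMAC-SHA256 replaces RSA signing so the
# example runs with core modules only. All names here are hypothetical.
sub sign { my ($msg, $key) = @_; return hmac_sha256_hex($msg, $key) }

# Unchecked style described in the ticket: a misspelled key leaves the
# message undef, so the empty string is verified and the call just fails.
sub verify_unchecked {
    my %p = @_;
    no warnings 'uninitialized';    # mimics code running without warnings
    my $msg = $p{Message} || $p{Plaintext};
    return sign("$msg", $p{Key}) eq $p{Signature} ? 1 : 0;
}

# Reject odd argument lists, unknown names and missing required values.
sub validate {
    my ($args, %spec) = @_;
    croak 'expected Name => value pairs' if @$args % 2;
    my %p     = @$args;
    my %known = map { ($_ => 1) } @{ $spec{required} }, @{ $spec{one_of} };
    my @unknown = sort grep { !$known{$_} } keys %p;
    croak "unknown parameter(s): @unknown" if @unknown;
    my @missing = grep { !defined $p{$_} } @{ $spec{required} };
    croak "missing parameter(s): @missing" if @missing;
    croak "need one of: @{ $spec{one_of} }"
        unless grep { defined $p{$_} } @{ $spec{one_of} };
    return %p;
}

sub verify_checked {
    my %p = validate(\@_, required => [qw(Key Signature)],
                          one_of   => [qw(Message Plaintext)]);
    my $msg = defined $p{Message} ? $p{Message} : $p{Plaintext};
    return sign($msg, $p{Key}) eq $p{Signature} ? 1 : 0;
}

# Constructed sample input; the first two calls repeat the typo from the ticket.
my ($raw, $key) = ('constructed sample message', 'constructed-demo-key');
my $sig  = sign($raw, $key);
my @typo = (Messsage => $raw, Key => $key, Signature => $sig);

print 'unchecked, typo: ', verify_unchecked(@typo), "\n";
print 'checked, typo:   ', (eval { verify_checked(@typo) } // "died: $@");
print 'checked, ok:     ', verify_checked(Message => $raw, Key => $key, Signature => $sig), "\n";
```

With the unchecked routine a caller cannot tell a misspelled parameter from a genuinely bad signature; the checked routine dies and names the offending key.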