Bug #79948 for Authen-Captcha: Broken Captcha Image on UI if generated code matches code in db

Environment Details ----------------------------------- Distribution name and version: Authen-Captcha-1.023 ]$ perl -v This is perl, v5.8.8 built for x86_64-linux-thread-multi ... ]$ uname -a Linux dev01.ds.dev.corp.oversee.net 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:32:21 EST 2010 x86_64 x86_64 x86_64 GNU/Linux Bug Reproduction Details ------------------------------------------- Initial State of db - ]$ cat /remote/captcha/db/codes.txt 1349114291::0c3035c07ffd2fb0908a93c8f0755252 Application code - # new instance my $captcha = Authen::Captcha->new( data_folder => ’/remote/captcha/db’, output_folder => ’/remote/captcha/img’, expire => '600', ); Then we generate a 4 digit code my $md5sum = $captcha->generate_code('4'); Now, if lets say $md5sum happens to be 0c3035c07ffd2fb0908a93c8f0755252 then Line # 359 of Captcha.pm removes the $png_file and inserts a new line in the db along with the # current timestamp at Line 370. This leaves the db in an inconsistent state and a broken image on the UI ( image not found issue ). Patch - Attaching a Captcha.pm.patch ------------------------------------------------------------- In case of an expired db code, the fix removes the png file only for non dupe. Down below, it appends the db with a new line and current timestamp for a non dupe. In case of a db code which is not expired, it keeps the current line in the db. Down below, it skips appending the db for a dupe.

--- /usr/lib/perl5/site_perl/5.8.6/Authen/Captcha.pm 2003-12-17 20:44:34.000000000 -0800 +++ /home/vshah/Captcha.pm 2012-10-01 12:16:11.000000000 -0700 @@ -348,17 +348,23 @@ close(DATA); my $new_data = ""; + my $duplicate_md5 = 0; foreach my $line (@data) { $line =~ s/\n//; my ($data_time,$data_code) = split(/::/,$line); - if ( (($current_time - $data_time) > ($self->expire())) || - ($data_code eq $md5) ) - { # remove expired captcha, or a dup - my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png"); - unlink($png_file) or carp("Can't remove png file [$png_file]\n"); + if ( ($current_time - $data_time) > ($self->expire()) ) + { # expired, remove the line for non dupes only + if( $data_code ne $md5 ) { + my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png"); + unlink($png_file) or carp("Can't remove png file [$png_file]\n"); + } } else { + # not expired, keep the line $new_data .= $line."\n"; + if( $data_code eq $md5 ) { + $duplicate_md5 = 1; # do not write a new line below + } } } @@ -367,9 +373,11 @@ open(DATA,">$database_file") or die "Can't open File: $database_file\n"; flock DATA, 2; # write lock warn "-->>" . $new_data . "\n" if($self->debug() >= 2); - warn "-->>" . $current_time . "::" . $md5."\n" if($self->debug() >= 2); print DATA $new_data; - print DATA $current_time."::".$md5."\n"; + unless( $duplicate_md5 ) { + warn "-->>" . $current_time . "::" . $md5."\n" if($self->debug() >= 2); + print DATA $current_time."::".$md5."\n"; + } close(DATA); warn "Close File: $database_file\n" if($self->debug() >= 2); @@ -491,7 +499,6 @@ my $code = $self->generate_random_string($length); my $md5 = md5_hex($code); - my ($captcha_data_ref,$output_filename); if ($self->type() eq 'image') {