This queue is for tickets about the Apache-AuthTkt CPAN distribution.

Report information
The Basics
Id: 98991
Status: open
Priority: 0/
Queue: Apache-AuthTkt

People
Owner: Nobody in particular
Requestors: jan [...] smets.cx
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: validate_ticket / parse_ticket broken when using SHA
Date: Sat, 20 Sep 2014 00:21:44 +0200
To: bug-apache-authtkt [...] rt.cpan.org
From: Jan Smets <jan [...] smets.cx>
Hi!

There is a problem with the digest when SHA256/512 is used.
The regex in parse_ticket with length 32 is built for md5, it should be 128 for SHA.

- Jan

--
Smets Jan
jan@smets.cx

From: garrettg84 [...] gmail.com
On Fri Sep 19 18:22:16 2014, jan@smets.cx wrote:
> There is a problem with the digest when SHA256/512 is used.
> The regex in parse_ticket with length 32 is built for md5, it should be 128
> for SHA.
>

I too have the same problem. Replacing parse_ticket with my edited version of the parse_ticket subroutine works. The only changes are the 5 or 6 lines leading up to the deconstructor.

    sub parse_ticket {
        my $self = shift;
        my $ticket = shift or croak "No ticket passed to parse_ticket";
        my $parts = {};

        # Strip possible quotes
        $ticket =~ s,^"|"$,,g;

        return if length($ticket) < 40;

        # Assume $ticket is not URL-escaped but may be base64-escaped
        my $raw = $ticket =~ m/!/ ? $ticket : decode_base64($ticket);

        # If $raw still doesn't have ! then it is bogus
        return if $raw !~ m/!/;

        # Deal with different hash lengths between SHA512, SHA256, MD5
        my $hash_len = 32; # default md5
        if ($self->{digest_type} =~ /sha512/i) { # not sure if case will always be upper or lower
            $hash_len = 128; # set for length of sha512
        } elsif ($self->{digest_type} =~ /sha256/i) { # not sure if case will always be upper or lower
            $hash_len = 64; # set for length of sha256
        }

        # Deconstruct
        my ($digest,$ts,$uid,$extra) = ($raw =~ m/^(.{$hash_len})(.{8})(.+?)!(.*)$/); # modified to include the "$hash_len"(gth) variable
        $parts->{digest} = $digest;
        $parts->{ts} = hex($ts);
        $parts->{uid} = $uid;
        $parts->{tokens} = '';
        $parts->{data} = '';

        # Tokens and data if present
        if (defined $extra) {
            if ($extra =~ m/!/) {
                ($parts->{tokens},$parts->{data}) = split m/!/, $extra, 2;
            }
            else {
                $parts->{data} = $extra;
            }
        }
        return $parts;
    }

Good Luck!
Garrett Galloway

Old subroutine for comparison:

    sub parse_ticket {
        my $self = shift;
        my $ticket = shift or croak "No ticket passed to parse_ticket";
        my $parts = {};

        # Strip possible quotes
        $ticket =~ s,^"|"$,,g;

        return if length($ticket) < 40;

        # Assume $ticket is not URL-escaped but may be base64-escaped
        my $raw = $ticket =~ m/!/ ? $ticket : decode_base64($ticket);

        # If $raw still doesn't have ! then it is bogus
        return if $raw !~ m/!/;

        # Deconstruct
        my ($digest,$ts,$uid,$extra) = ($raw =~ m/^(.{32})(.{8})(.+?)!(.*)$/);
        $parts->{digest} = $digest;
        $parts->{ts} = hex($ts);
        $parts->{uid} = $uid;
        $parts->{tokens} = '';
        $parts->{data} = '';

        # Tokens and data if present
        if (defined $extra) {
            if ($extra =~ m/!/) {
                ($parts->{tokens},$parts->{data}) = split m/!/, $extra, 2;
            }
            else {
                $parts->{data} = $extra;
            }
        }
        return $parts;
    }

I too have the same problem.
I have opened https://github.com/gavincarr/mod_auth_tkt/pull/23 to fix this issue.
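
The digest-length split discussed in this ticket, as an added example that is not part of the ticket, the pull request or Apache::AuthTkt. `split_ticket` and `%DIGEST_HEX_LEN` are hypothetical names, the hex-only match on digest and timestamp is an assumption stricter than the `.{N}` in the subroutines above, and the sample tickets are constructed. It also parses each SHA ticket with the MD5 length to show how the fields shift.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex sha512_hex);

# Hex characters produced by each digest type named in this ticket.
my %DIGEST_HEX_LEN = (md5 => 32, sha256 => 64, sha512 => 128);

# Hypothetical helper: split "digest . 8-hex timestamp . uid ! rest" using the
# digest length of the configured type. Returns a hashref, or nothing when the
# digest type is unknown or the ticket does not match the layout.
sub split_ticket {
    my ($raw, $digest_type) = @_;
    my $len = $DIGEST_HEX_LEN{ lc($digest_type // 'md5') } or return;

    my ($digest, $ts, $uid, $extra) =
        $raw =~ m/^([0-9a-fA-F]{$len})([0-9a-fA-F]{8})(.+?)!(.*)$/
        or return;

    my %parts = (digest => $digest, ts => hex($ts), uid => $uid,
                 tokens => '', data => $extra);
    # Two "!"-separated fields after the uid are tokens, then data.
    @parts{qw(tokens data)} = split /!/, $extra, 2 if $extra =~ /!/;
    return \%parts;
}

# Constructed samples: each digest is only a hash of a fixed string so that it
# has the right length; it is not a valid mod_auth_tkt signature.
my %hex_of = (sha256 => \&sha256_hex, sha512 => \&sha512_hex);

for my $type (sort keys %hex_of) {
    my $raw = $hex_of{$type}->('constructed') . '541cc738' . 'jan!admin,dev!note';

    # Parse once with the matching length and once with the MD5 length.
    for my $assumed ($type, 'md5') {
        my $p = split_ticket($raw, $assumed);
        printf "%s ticket parsed as %s: %s\n", $type, $assumed,
            $p ? "ts=$p->{ts} uid=$p->{uid} tokens=$p->{tokens} data=$p->{data}"
               : 'rejected';
    }
}
```

With the MD5 length the parse still returns a result, but the digest is truncated and the rest of it spills into the timestamp and uid, so a later digest comparison cannot match.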