Loading ...
Sorry, an error occurred while loading the content.

SOAP::Lite with Crypt::CBC

Expand Messages
  • emdee
    Hello, I m having this crazy problem that I ve worked down to either being a problem with SOAP::Lite, Crypt::CBC or interaction between them. I ve pasted a few
    Message 1 of 3 , Jan 30, 2002
    • 0 Attachment
      Hello,

      I'm having this crazy problem that I've worked down to either being
      a problem with SOAP::Lite, Crypt::CBC or interaction between them.
      I've pasted a few scripts below that demonstrate the issue. These are
      boiled down from the actual application I'm working on to more
      clearly isolate the problem.

      The crypt.cgi is my proxy. I'm using the "mixed" dispatch so that
      my module can use @INC. RPCCrypt.pm is the module I'm dispatching to.
      I've got the constructor for use in my local script. The crypt-
      soap.pl script accesses the module via the SOAP proxy and gets the
      error "input must be 8 bytes long
      at /usr/local/lib/perl5/site_perl/5.6.0/i386-
      freebsd/Crypt/Blowfish.pm line 51.". This returns a similar error for
      which ever cipher I use. The crypt-local.pl script accesses the same
      module locally, and it works fine.

      Additionally, if I use a literal string in the Crypt:CBC
      encrypt_hex call in RPCCrypt.pm (such as "return $cipher->encrypt_hex
      ("$string");"), it works regardless of which script is used. Also if
      I set a variable in the EncryptHex function of RPCCrypt.pm and use
      that variable in the encrypt_hex call, THAT works for both script. It
      only fails with the error message when it's a variable passed into
      the EncryptHex function via the SOAP script. Uncommenting line 20 in
      RPCCrypt.pm shows that the variable is being set properly, so I'm at
      a total loss as to what the problem is.

      Any thoughts on this? Am I missing something simple and obvious?
      I'd appreciate any information or help.

      Regards,
      Michael~

      ##### START crypt.cgi #####
      #!/usr/bin/perl -w

      use lib '/usr/home/emdee/perl5lib';
      use SOAP::Transport::HTTP;

      SOAP::Transport::HTTP::CGI
      -> dispatch_to('/home/emdee/local/rpc/modules', "RPCCrypt")
      -> handle;
      ###### END crypt.cgi ######

      ##### START RPCCrypt.pm #####
      package RPCCrypt;

      use Crypt::CBC;

      my $cryptkey = 'lamekey';

      sub new
      {
      my ($class, %args) = @_;
      my $self = {};

      return bless $self, ref($class) || $class;
      }

      sub EncryptHex
      {
      my ($self, $string) = @_;

      my $cipher = new Crypt::CBC($cryptkey, "Blowfish");
      # return "$self:$string";
      return $cipher->encrypt_hex("$string");
      }
      ###### END RPCCrypt.pm ######

      ##### START crypt-soap.pl #####
      #!/usr/bin/perl

      use SOAP::Lite;

      my $soap = SOAP::Lite
      -> uri('http://emdee.net/RPCCrypt')
      -> proxy('http://emdee.net/cgi-sys/cgiwrap/emdee/rpc/crypt.cgi')
      -> on_fault(sub { my($soap, $res) = @_;
      die ref $res ? $res->faultstring : $soap->transport-
      >status, "\n";
      });

      print $soap
      -> EncryptHex('hello')
      -> result, "\n";
      ###### END crypt-soap.pl ######

      ##### START crypt-local.pl #####
      #!/usr/bin/perl

      use lib '/home/emdee/local/rpc/modules';
      use RPCCrypt;

      my $crypt = RPCCrypt->new();
      print $crypt->EncryptHex('hello'), "\n";
      ###### END crypt-local.pl ######
    • emdee
      Just a follow up, It turns out the problem was the variable was tainted. It had occurred to me that the problem seemed like a taint issue but I wasn t
      Message 2 of 3 , Jan 31, 2002
      • 0 Attachment
        Just a follow up,

        It turns out the problem was the variable was tainted. It had
        occurred to me that the problem seemed like a taint issue but I
        wasn't explicitly running in taint mode nor was I accessing any
        system calls so I had dismissed that. Silly me. Since I'm running
        these under cgiwrap I was automatically in taint mode and Crypt::CBC
        does something with the data that taint mode doesn't allow, causing
        the failure.

        Michael~

        --- In soaplite@y..., "emdee" <emdee@y...> wrote:
        > Hello,
        >
        > I'm having this crazy problem that I've worked down to either
        being
        > a problem with SOAP::Lite, Crypt::CBC or interaction between them.
        > I've pasted a few scripts below that demonstrate the issue. These
        are
        > boiled down from the actual application I'm working on to more
        > clearly isolate the problem.
      • Sam Tregar
        ... Ah, does any else find the idea that Crypt::CBC does something with data that Taint doesn t like sort of frightening? Maybe this is worth looking into
        Message 3 of 3 , Jan 31, 2002
        • 0 Attachment
          On Fri, 1 Feb 2002, emdee wrote:

          > It turns out the problem was the variable was tainted. It had
          > occurred to me that the problem seemed like a taint issue but I
          > wasn't explicitly running in taint mode nor was I accessing any
          > system calls so I had dismissed that. Silly me. Since I'm running
          > these under cgiwrap I was automatically in taint mode and Crypt::CBC
          > does something with the data that taint mode doesn't allow, causing
          > the failure.

          Ah, does any else find the idea that Crypt::CBC does something with data
          that Taint doesn't like sort of frightening? Maybe this is worth looking
          into further.

          -sam
        Your message has been successfully submitted and would be delivered to recipients shortly.