Loading ...
Sorry, an error occurred while loading the content.

Re: SOAP::Lite with Crypt::CBC

Expand Messages
  • emdee
    Just a follow up, It turns out the problem was the variable was tainted. It had occurred to me that the problem seemed like a taint issue but I wasn t
    Message 1 of 3 , Jan 31, 2002
    • 0 Attachment
      Just a follow up,

      It turns out the problem was the variable was tainted. It had
      occurred to me that the problem seemed like a taint issue but I
      wasn't explicitly running in taint mode nor was I accessing any
      system calls so I had dismissed that. Silly me. Since I'm running
      these under cgiwrap I was automatically in taint mode and Crypt::CBC
      does something with the data that taint mode doesn't allow, causing
      the failure.

      Michael~

      --- In soaplite@y..., "emdee" <emdee@y...> wrote:
      > Hello,
      >
      > I'm having this crazy problem that I've worked down to either
      being
      > a problem with SOAP::Lite, Crypt::CBC or interaction between them.
      > I've pasted a few scripts below that demonstrate the issue. These
      are
      > boiled down from the actual application I'm working on to more
      > clearly isolate the problem.
    • Sam Tregar
      ... Ah, does any else find the idea that Crypt::CBC does something with data that Taint doesn t like sort of frightening? Maybe this is worth looking into
      Message 2 of 3 , Jan 31, 2002
      • 0 Attachment
        On Fri, 1 Feb 2002, emdee wrote:

        > It turns out the problem was the variable was tainted. It had
        > occurred to me that the problem seemed like a taint issue but I
        > wasn't explicitly running in taint mode nor was I accessing any
        > system calls so I had dismissed that. Silly me. Since I'm running
        > these under cgiwrap I was automatically in taint mode and Crypt::CBC
        > does something with the data that taint mode doesn't allow, causing
        > the failure.

        Ah, does any else find the idea that Crypt::CBC does something with data
        that Taint doesn't like sort of frightening? Maybe this is worth looking
        into further.

        -sam
      Your message has been successfully submitted and would be delivered to recipients shortly.