HMAC Algorithm #7

Closed
eklinger opened this Issue Oct 11, 2011 · 7 comments

2 participants

@eklinger

In the HMAC algorithm code, there is a line:

secret = v + 1

When I enable debug and print the value of secret and string_to_sign variables, secret is really string_to_sign and string_to_sign is null. It seems that v is a pointer to the last variable in the conf for that directive. However, when I change secret = v -1, the data for secret ends up being the value of secret + the value of string_to_sign concated together.

With secret = v-1
set $secret 'yzY3mIMZfyO03';
set $string_to_sign 'ec_country_allow=US';
set_hmac_sha1 $tok $secret $string_to_sign;

from log:
secret=yzY3mIMZfyO03ec_country_allow=US, string_to_sign=ec_country_allow=US

With secret = v+1

secret=ec_country_allow=US, string_to_sign=(null)

Any ideas? Thank you

@eklinger

Sorry, with secret = v+1,

secret=(null), string_to_sign=ec_country_allow=US

@eklinger

With the original way, secret = v and string_to_sign = v+1:

secret=ec_country_allow=US, string_to_sign=(null)

@agentzh
OpenResty member

Could you give me more information? Please show me the output of the following commands in your system:

  1. /path/to/your/nginx/sbin/nginx -V
  2. uname -a
@eklinger
@agentzh
OpenResty member

I cannot reproduce your issue in linux x86_64 and linux i386 with the latest ngx_set_misc git master HEAD. Please try out the latest ngx_set_misc module (not your patched ones), if you cannot reproduce any issues, then it must be a problem in your own code and I'd close this ticket.

@eklinger
@agentzh
OpenResty member

Yes :) Nginx strings are not C strings so it's important to use %.*s instead of %s and specify a length for the string being printed :)

@agentzh agentzh closed this Oct 12, 2011
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment