Permalink
Browse files

digest instead of hexdigest

broker resilient against big messages by MAXBUF
  • Loading branch information...
1 parent 2e58a01 commit 7ba996682101f746feb0f40ca3822157aed45529 @rep committed Apr 12, 2011
Showing with 15 additions and 2 deletions.
  1. +14 −1 broker/feedbroker.py
  2. +1 −1 cli/feed.py
View
@@ -25,6 +25,16 @@
OP_PUBLISH = 3
OP_SUBSCRIBE = 4
+MAXBUF = 1024**2
+SIZES = {
+ OP_ERROR: 5+MAXBUF,
+ OP_INFO: 5+256+20,
+ OP_AUTH: 5+256+20,
+ OP_PUBLISH: 5+MAXBUF,
+ OP_SUBSCRIBE: 5+256*2,
+}
+
+
class BadClient(Exception):
pass
@@ -42,6 +52,9 @@ def unpack(self):
raise StopIteration('No message.')
ml, opcode = struct.unpack('!iB', buffer(self.buf,0,5))
+ if ml > SIZES.get(opcode, MAXBUF):
+ raise BadClient('Not respecting MAXBUF.')
+
if len(self.buf) < ml:
raise StopIteration('No message.')
@@ -87,7 +100,7 @@ def dbexc(e):
def checkauth(self, r, hash):
if len(r) > 0:
akobj = r[0]
- akhash = hashlib.sha1('{0}{1}'.format(self.rand, akobj['secret'])).hexdigest()
+ akhash = hashlib.sha1('{0}{1}'.format(self.rand, akobj['secret'])).digest()
if akhash == hash:
self.pubchans.update(akobj['publish'])
self.subchans.update(akobj['subscribe'])
View
@@ -24,7 +24,7 @@ def msgpublish(ident, chan, data):
def msgsubscribe(ident, chan):
return msghdr(OP_SUBSCRIBE, struct.pack('!B', len(ident)%0xff) + ident + chan)
def msgauth(rand, ident, secret):
- hash = hashlib.sha1(rand+secret).hexdigest()
+ hash = hashlib.sha1(rand+secret).digest()
return msghdr(OP_AUTH, struct.pack('!B', len(ident)%0xff) + ident + hash)
class FeedUnpack(object):

0 comments on commit 7ba9966

Please sign in to comment.