[ https://issues.apache.org/jira/browse/SHINDIG-966?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dmitry Vorobyev reopened SHINDIG-966:
-------------------------------------


No, the overdecoding problem is in the core classes, not in my servlets.

Look at the call stack:
1. GET: the parameter st looks like this string:
st=qN6X1mV3fMiFuNyqymezQi9RmD328CS75AQANJqtylM2Qi0T0tA5h8g2WVFEOJYGgBXs/pSP9Rwck4RiR+P2P2EePgs4wnCzbg6GtcmDjHoULjUA8/m2ZnhiMxWT6+AApgoHdPMwJ3c1iEs4dZpRxxWDLktxIPbNV5uMaeyYsw9t7YX8KQj2OGPulK3nn46sIEIps+IwJxwnwea04EwCCLtFHwEqQsBeegBTmrzlWuSqUPhUjT8bC2jLgKT4plcEk00bxw==
2. GadgetContext.php::extractAndValidateToken does $token = urldecode(base64_decode($token)); for this parameter st, and it then looks like binary data
3. $signer->createToken -> BasicSecurityTokenDecoder->createToken -> BasicSecurityToken->createFromToken -> BasicSecurityToken->__construct -> BasicBlobCrypter->unwrap
4. unwrap does $bin = base64_decode($in); but $in is already binary!

> token over-decoding
> -------------------
>
>                 Key: SHINDIG-966
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-966
>             Project: Shindig
>          Issue Type: Bug
>          Components: PHP
>    Affects Versions: trunk
>            Reporter: Dmitry Vorobyev
>            Assignee: Chris Chabot
>             Fix For: trunk
>
>
> ### Eclipse Workspace Patch 1.0
> #P gadget
> Index: 
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/php/src/gadgets/GadgetContext.php
> ===================================================================
> --- 
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/php/src/gadgets/GadgetContext.php
>  (revision 20842)
> +++ 
> http://svn.apache.org/repos/asf/incubator/shindig/trunk/php/src/gadgets/GadgetContext.php
>  (working copy)
> @@ -292,9 +292,6 @@
>      if (! isset($token) || $token == '') {
>        $token = isset($_POST['st']) ? $_POST['st'] : '';
>      }
> -    if (count(explode(':', $token)) != 6) {
> -      $token = urldecode(base64_decode($token));
> -    }
>      if (empty($token)) {
>        throw new Exception("Missing or invalid security token");
>      }
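Review bot: Deleting the `if (count(explode(':', $token)) != 6)` block removes the first of two base64 decodes (BasicBlobCrypter->unwrap performs the second, per the reopen comment), which is the right fix for the encrypted token, but it also removes the only path that would have unwrapped a base64-wrapped 6-field plaintext token; if that form is still accepted anywhere, the hunk should keep a guarded path for it or the commit should state that only raw tokens are accepted from `st`. Note too that the removed `urldecode(base64_decode($token))` ordering was backwards for a value taken from `$_GET`/`$_POST`, which PHP has already percent-decoded, so the block was unlikely to have worked as intended even once; with it gone, the remaining `if (empty($token))` check still covers a missing token, and a malformed one is now reported by unwrap rather than here.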

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
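An added example (not Shindig's own code) that reproduces the over-decoding path from the reopen comment with stand-in functions; the function names and the token blob are constructed for illustration, and the third case shows why a strict base64 decode at the single decode point would have surfaced the bug instead of silently producing garbage.

```php
<?php
// Constructed stand-in for the encrypted blob that BasicBlobCrypter::wrap
// would produce. The real "st" value is base64(binary), so any bytes do.
$blob = hex2bin('00ff8001c3a5deadbeef7f10');
$st   = base64_encode($blob);   // what arrives in the "st" parameter

// Pre-patch GadgetContext::extractAndValidateToken logic: an encrypted
// token contains no ':' separators, so count(explode(...)) is 1, the
// 6-field test never matches, and the token is base64-decoded here.
function extractToken(string $st): string {
    if (count(explode(':', $st)) != 6) {
        $st = urldecode(base64_decode($st));
    }
    return $st;
}

// BasicBlobCrypter::unwrap then decodes a second time. Lenient
// base64_decode() silently discards bytes outside the base64 alphabet,
// so the second decode of binary input yields garbage, not an error.
function unwrapLenient(string $in): string {
    return base64_decode($in);
}

// Same step with strict decoding: returns false when the input is not
// valid base64, which is exactly what already-decoded binary looks like.
function unwrapStrict(string $in) {
    return base64_decode($in, true);
}

var_dump(unwrapLenient(extractToken($st)) === $blob); // bool(false): over-decoded, nothing raised
var_dump(unwrapStrict(extractToken($st)));            // bool(false): strict decode rejects it
var_dump(unwrapStrict($st) === $blob);                // bool(true): decode once, in unwrap only
```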
