[Nitro] two way crypt function

Bill Kelly billk at cts.com
Mon Nov 12 17:16:07 EST 2007


Hi George,

From: George Moschovitis
>
> I have added all the debugging aids. This bug is random and I still
> cannot understand why it happens.
> the offending code is:
>
> lib/raw/context/session/cookie.rb

It appears that while the encoded cookie data going out has been
URL encoded with %0A %2B etc...

WARN: --old--> "BAhJQzoRUmF3OjpTZXNzaW9uewciDm9yZGVyX29pZGlaIgpG
TEFTSElDOhlS%0AYXc6OkZsYXNoaW5nOjpGbGFzaHsABjoLQGRpcnR5ewAGOg1AZ
XhwaXJlc3U6%0ACVRpbWUNlukagFY%2BaVE%3D%0A--fae0818a4fea3a7a9285c46f101297ea6eb11d08781a45be7c25d46ef75a2ceb
8c25feb5f1a0e5744594f6ade3f0835956e5b1bca9ae5750fe99f859d47c86b2"

WARN: %%%%%%%% digest: Session.secret="public"
WARN: -input-> "BAhJQzoRUmF3OjpTZXNzaW9uewciDm9yZGVyX29pZGlaIgpG
TEFTSElDOhlS\nYXc6OkZsYXNoaW5nOjpGbGFzaHsABjoLQGRpcnR5ewAGOg1AZX
hwaXJlc3U6\nCVRpbWUNlukagFY+aVE=\n"
WARN: -hash-->
fae0818a4fea3a7a9285c46f101297ea6eb11d08781a45be7c25d46ef75a2ceb
8c25feb5f1a0e5744594f6ade3f0835956e5b1bca9ae5750fe99f859d47c86b2


...The encoded data coming back in has already had the %xx URL
encoding decoded into literal characters:

WARN: --new--> "BAhJQzoRUmF3OjpTZXNzaW9uewciDm9yZGVyX29pZGlaIgpG
TEFTSElDOhlS\nYXc6OkZsYXNoaW5nOjpGbGFzaHsABjoLQGRpcnR5ewAGOg1AZX
hwaXJlc3U6\nCVRpbWUNlukagFY+aVE=\n--
fae0818a4fea3a7a9285c46f101297ea6eb11d08781a45be7c25d46ef75a2ceb
8c25feb5f1a0e5744594f6ade3f0835956e5b1bca9ae5750fe99f859d47c86b2"

...And as such, when CGI.decode is called on these already-literal
characters, a literal '+' will be converted to a space ' ' by 
CGI.unescape.

WARN: %%%%%%%% digest: Session.secret="public"
WARN: -input-> "BAhJQzoRUmF3OjpTZXNzaW9uewciDm9yZGVyX29pZGlaIgpG
TEFTSElDOhlS\nYXc6OkZsYXNoaW5nOjpGbGFzaHsABjoLQGRpcnR5ewAGOg1AZX
hwaXJlc3U6\nCVRpbWUNlukagFY aVE=\n"
WARN: -hash-->
859210ca5f0bfbaf57e94fbadc8c4eb9ac4c0deb6caf6ec02b664d675ea9150f
840c4dfaa41f646b51a836cd4c391bbe05a44c9dc7f495a6d9e001370181b958


Thus the digest was originally generated on data above that 
ended in "...kagFY+aVE=\n".  But when the digest is later called
to confirm the data, it is called on data that looks like:
"...kagFY aVE=\n".

(Where the + has been replaced with a space.)


Hope this helps,

Bill
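
The failure described in the message above, reproduced as an added Ruby example (not Nitro's code and not code from this thread). The "data--digest" layout and the secret "public" come from the log output; HMAC-SHA512, the helper names and the payload are assumptions made for illustration.

```ruby
require 'cgi'
require 'openssl'

SECRET = 'public' # value shown in the log output above

# Constructed payload: the first three bytes base64-encode to "++++",
# so the encoded cookie is guaranteed to contain '+' characters.
PAYLOAD = "\xFB\xEF\xBE".b + 'constructed session data'

# Assumption: HMAC-SHA512 stands in for the digest. The log only shows
# a 128-hex-digit hash, not how it was computed.
def sign(data)
  OpenSSL::HMAC.hexdigest('SHA512', SECRET, data)
end

# Build "<base64>--<digest>" and URL-encode it exactly once on the way out.
def encode_cookie(payload)
  data = [payload].pack('m') # same output as Base64.encode64, "\n" included
  CGI.escape("#{data}--#{sign(data)}")
end

# Check the digest over the base64 text; return the payload or nil.
def verify(value)
  data, digest = value.split('--', 2)
  return nil unless data && digest
  return nil unless OpenSSL.secure_compare(sign(data), digest)
  data.unpack1('m')
end

wire     = encode_cookie(PAYLOAD) # '+' travels as %2B, "\n" as %0A
incoming = CGI.unescape(wire)     # the single decode done before the app sees it

# Correct: verify the value as received.
puts "verified as received: #{!verify(incoming).nil?}"

# Bug: a second unescape finds no %xx left, but still maps '+' to ' ',
# so the digest is recomputed over different bytes and no longer matches.
twice = CGI.unescape(incoming)
puts "verified after second unescape: #{!verify(twice).nil?}"
```

Payloads whose base64 form happens to contain no '+' survive the second decode unchanged, so only some cookies fail verification.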



