| author | cassio <cassiopc@gmail.com> | 2018-08-27 14:34:30 +0000 |
|---|---|---|
| committer | cassio <cassiopc@gmail.com> | 2018-08-27 14:34:30 +0000 |
| commit | e2a898ab9f88010a14da14b54a9809ba2c6e17ab (patch) | |
| tree | 4c8a953ad0d77a8ea9a9a10d016bfaaa6e811b4d | |
| parent | 6ca67b9f36309001cdc149d7746b7a9b3a171bc6 (diff) | |
bug in openssl_encrypt? options cannot take padding
| -rw-r--r-- | src/getcode.php | 11 | ||||
| -rwxr-xr-x | tools/boca-auth-runs | 26 |
2 files changed, 23 insertions, 14 deletions
diff --git a/src/getcode.php b/src/getcode.php
index 90e8b58..fcc45cd 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -1,5 +1,6 @@
 <?php
 ob_start();
+require_once('globals.php');
 header ("Expires: " . gmdate("D, d M Y H:i:s") . " GMT");
 header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
 header ("Cache-Control: no-cache, must-revalidate");
@@ -22,9 +23,9 @@ function make_seed()
 }
 srand(make_seed());
-function myhash($k) {
- return hash('sha256',$k);
-}
+//function myhash($k) {
+// return hash('sha256',$k);
+//}
 if(!function_exists('openssl_cipher_iv_length')) {
 MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
 LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
@@ -53,8 +54,8 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
 "chmod 600 /root/submissions/code\n";
 if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str;
- echo $iv . ":" . $clen . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
- @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
+ echo $iv . ":" . $clen . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA, $iv);
+ @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . getIP() . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
 exit;
 }
 }
diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs
index ffcc061..63bc6b3 100755
--- a/tools/boca-auth-runs
+++ b/tools/boca-auth-runs
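Review bot: In the second hunk of src/getcode.php the local `myhash()` is commented out rather than deleted, and nothing on the page says where its replacement comes from. Presumably the newly required globals.php declares its own `myhash()` and a second declaration would be fatal; if so, delete the three lines and leave `// myhash() is provided by globals.php` (wording to confirm against that file). It is also worth confirming that the globals.php version still returns the hex SHA-256 digest this one produced, in case any value hashed here ends up in `$secret`, because tools/boca-auth-runs builds its decryption key independently.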
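Review bot: The `echo` line in the third hunk of src/getcode.php still sends AES-256-CBC ciphertext with no integrity tag, and the client in tools/boca-auth-runs hands the decrypted result to `/bin/bash`. Passing only `OPENSSL_RAW_DATA` restores PKCS#7 padding, but CBC on its own does not detect modified ciphertext, so an HMAC over the IV and ciphertext, verified by the client before it decrypts, would close that gap: `$mac = hash_hmac('sha256', $iv . $ct, $macKey);` with `$ct` the `openssl_encrypt()` result and `$macKey` a separate key (both names are placeholders). On the log line, `$name` is written unescaped next to the new `getIP()` field; if it comes straight from `$_GET["name"]`, strip `|`, CR and LF before writing so one request cannot add extra records to run-past.log. The enclosing `if` block starts outside the hunk.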
@@ -59,15 +59,23 @@ if [ "$?" == "0" ]; then
 ivv=""
 iv=$(head -n1 "$temp" | cut -d':' -f1)
 clen=$(head -n1 "$temp" | cut -d':' -f2)
- tail -n +2 "$temp" > "${temp}.0"
- rm -f "$temp"
- for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
- for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done
- openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv
- rm -f "${temp}.0"
- grep -q "$iv" "${temp}.1"
- if [ "$?" == "0" ]; then
- /bin/bash "${temp}.1"
+ if [ "$clen" -eq "$clen" ] 2>/dev/null; then
+ tail -n +2 "$temp" > "${temp}.0"
+ rm -f "$temp"
+ for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
+ for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done
+ openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv
+ rm -f "${temp}.0"
+ grep -q "$iv" "${temp}.1"
+ if [ "$?" == "0" ]; then
+ /bin/bash "${temp}.1"
+ else
+ echo ""
+ echo "$BOCASERVER: downloaded content is corrupted"
+ rm -f "${temp}.1"
+ rm -f "${temp}.cookie.txt"
+ exit 4
+ fi
 else
 echo ""
 echo "$BOCASERVER: downloaded content is corrupted" |
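Review bot: The new guard `[ "$clen" -eq "$clen" ]` only proves that `clen` is an integer, so a negative, zero or very large value taken from the server response still reaches the `for ((i=0;i<$clen;i++))` loop, and `iv` itself is never checked. If `clen` is meant to be the length of `iv`, tie the two together: `if [[ "$clen" =~ ^[0-9]+$ ]] && [ "$clen" -gt 0 ] && [ "$clen" -eq "${#iv}" ]; then`. The only gate before `/bin/bash "${temp}.1"` is `grep -q "$iv"`, which reads `iv` as a regular expression rather than a literal and is trivially satisfied by an empty value; `grep -qF -- "$iv" "${temp}.1"` compares it literally. The `-K $a -iv $ivv` arguments should be quoted as well. The surrounding `if`/`else` begins and ends outside the hunk.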