Warn when an unsealed private cookie isn't valid UTF-8

Llaurence 2019-03-31 10:26:16 +02:00
parent 1a871d708e
commit 656effddfe
1 changed files with 9 additions and 3 deletions


@ -1,3 +1,4 @@
use log::error;
use ring::aead::{open_in_place, seal_in_place, Aad, Algorithm, Nonce, AES_256_GCM}; use ring::aead::{open_in_place, seal_in_place, Aad, Algorithm, Nonce, AES_256_GCM};
use ring::aead::{OpeningKey, SealingKey}; use ring::aead::{OpeningKey, SealingKey};
use ring::rand::{SecureRandom, SystemRandom}; use ring::rand::{SecureRandom, SystemRandom};
@ -57,9 +58,14 @@ impl<'a> PrivateJar<'a> {
let unsealed = open_in_place(&key, nonce, ad, 0, sealed) let unsealed = open_in_place(&key, nonce, ad, 0, sealed)
.map_err(|_| "invalid key/nonce/value: bad seal")?; .map_err(|_| "invalid key/nonce/value: bad seal")?;
::std::str::from_utf8(unsealed) if let Ok(unsealed_utf8) = ::std::str::from_utf8(unsealed) {
.map(|s| s.to_string()) Ok(unsealed_utf8.to_string())
.map_err(|_| "bad unsealed utf8") } else {
error!("Private cookie does not have utf8 content!");
error!("It is likely the secret key used to encrypt them has been leaked.");
error!("Please change it as soon as possible.");
Err("bad unsealed utf8")
}
} }
/// Returns a reference to the `Cookie` inside this jar with the name `name` /// Returns a reference to the `Cookie` inside this jar with the name `name`
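Review bot: The three consecutive `error!` calls in the new `else` branch are emitted as separate log records, so under concurrent requests they can interleave with unrelated output, and none of them identifies which cookie failed. The key-leak conclusion is also stated more firmly than the code can know: reaching this branch means `open_in_place` accepted the tag, so the bytes were sealed by some holder of the key, which could equally be another producer or an older build sharing that key. I would fold this into a single record, e.g. `error!("private cookie authenticated but is not valid UTF-8; unless another producer shares this key, rotate it");`, and include the cookie name if it is in scope here (the enclosing function starts outside the hunk, so I cannot tell). Keep the unsealed bytes themselves out of the log, as the current code does.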