Repository: incubator-trafficcontrol Updated Branches: refs/heads/master a06dd8528 -> 3e2d771e2
Change TO ORT MIC to fall back to Content-Length Changes ORT to do a Message Integrity Check with Content-Length if it exists and Whole-Content-SHA512 doesn't. This specifically allows newer versions of ORT to work with older versions of Traffic Ops. Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/6f6101d7 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/6f6101d7 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/6f6101d7 Branch: refs/heads/master Commit: 6f6101d702d88d56cb56ab68f0303069b7d5f566 Parents: a06dd85 Author: Robert Butts <robert.o.bu...@gmail.com> Authored: Mon Aug 14 18:17:04 2017 -0600 Committer: Derek Gelinas <derek_geli...@cable.comcast.com> Committed: Tue Aug 15 11:42:12 2017 -0400 ---------------------------------------------------------------------- traffic_ops/bin/traffic_ops_ort.pl | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/6f6101d7/traffic_ops/bin/traffic_ops_ort.pl ----------------------------------------------------------------------
diff --git a/traffic_ops/bin/traffic_ops_ort.pl b/traffic_ops/bin/traffic_ops_ort.pl
index 2bcd5df..f0da641 100755
--- a/traffic_ops/bin/traffic_ops_ort.pl
+++ b/traffic_ops/bin/traffic_ops_ort.pl
@@ -1634,20 +1634,30 @@ sub check_lwp_response_message_integrity {
 my $mic_header = 'Whole-Content-SHA512';
- if ( !defined($lwp_response->header($mic_header)) ) {
- ( $log_level >> $panic_level ) && print $log_level_str . " $url did not return a $mic_header header! Cannot Message Integrity Check! (Are you running an older version of Traffic Ops?)\n";
- return 1;
+ if ( defined($lwp_response->header($mic_header)) ) {
+ if ( $lwp_response->header($mic_header) ne sha512_base64($lwp_response->content()) . '==') {
+ ( $log_level >> $panic_level ) && print $log_level_str . " $url returned a $mic_header of " . $lwp_response->header($mic_header) . ", however actual body SHA512 is " . sha512_base64($lwp_response->content()) . '==' . "!\n";
+ exit 1 if ($log_level_str eq 'FATAL');
+ return 1;
+ } else {
+ ( $log_level >> $DEBUG ) && print "DEBUG $url returned a $mic_header of " . $lwp_response->header($mic_header) . ", and actual body SHA512 is " . sha512_base64($lwp_response->content()) . '==' . "\n";
+ return 0;
+ }
 }
- elsif ( $lwp_response->header($mic_header) ne sha512_base64($lwp_response->content()) . '==') {
- ( $log_level >> $panic_level ) && print $log_level_str . " $url returned a $mic_header of " . $lwp_response->header($mic_header) . ", however actual body SHA512 is " . sha512_base64($lwp_response->content()) . '==' . "!\n";
- exit 1 if ($log_level_str eq 'FATAL');
- return 1;
+ elsif ( defined($lwp_response->header('Content-Length')) ) {
+ if ( $lwp_response->header('Content-Length') != length($lwp_response->content()) ) {
+ ( $log_level >> $panic_level ) && print $log_level_str . " $url returned a Content-Length of " . $lwp_response->header('Content-Length') . ", however actual content length is " . length($lwp_response->content()) . "!\n";
+ exit 1 if ($log_level_str eq 'FATAL');
+ return 1;
+ } else {
+ ( $log_level >> $DEBUG ) && print "DEBUG $url returned a Content-Length of " . $lwp_response->header('Content-Length') . ", and actual content length is " .
length($lwp_response->content()). "\n";
+ return 0;
+ }
 }
 else {
- ( $log_level >> $DEBUG ) && print "DEBUG $url returned a $mic_header of " . $lwp_response->header($mic_header) . ", and actual body SHA512 is " . sha512_base64($lwp_response->content()) . '==' . "\n";
- return 0;
+ ( $log_level >> $panic_level ) && print $log_level_str . " $url did not return a $mic_header or Content-Length header! Cannot Message Integrity Check!\n";
+ return 1;
 }
-
 }
 sub check_script_mode {
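Review bot: The Content-Length branch is selected solely because the response carries no Whole-Content-SHA512 header, so any response arriving without that header passes on a length match alone, which catches truncation but not a body changed at the same length, and the success path reports this only at DEBUG. The header value is also compared with `!=` without first checking that it is a plain decimal number, so a non-numeric value is numerically coerced rather than rejected; tightening the branch to `elsif ( defined($lwp_response->header('Content-Length')) && $lwp_response->header('Content-Length') =~ /\A\d+\z/ ) {` would let malformed values fall through to the failing else. I would also log the fallback at a level operators see by default and add a comment such as `# Length-only check: detects truncation, not modification; used when Traffic Ops predates Whole-Content-SHA512`. The final else prints `$log_level_str` but, unlike the two mismatch branches, has no `exit 1 if ($log_level_str eq 'FATAL');`, which looks inconsistent when a caller passes FATAL. The function's argument handling sits above the hunk, so how callers act on the return value cannot be confirmed from here.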