Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug in signature validation renders Cipher unusable #22

Closed
Fl4m3Ph03n1x opened this issue Nov 23, 2018 · 1 comment
Closed

Bug in signature validation renders Cipher unusable #22

Fl4m3Ph03n1x opened this issue Nov 23, 2018 · 1 comment

Comments

@Fl4m3Ph03n1x
Copy link
Collaborator

Background

Our team was using cypher to create URL signatures in the client and validate them via a the Plug in the server.

Issue

However, even though we were using the test_mode flag set to true with the callback function to log errors, Cipher was still crashing and killing the server process.

Yes, the signatures were faulty, but the expected behaviour would be to Log the error instead of crashing the process.

RCA

After lengthy analysis I concluded that the bug is located in cipher/validate_plug.ex, namely in the following code snippet:

case validation do
      {:ok, _} -> conn

      {:error, error} ->
        # call user fun if given
        if opts[:error_callback], do: opts[:error_callback].(conn, error)

        if opts[:test_mode] do
          conn
        else
          conn
          |> send_resp(401, "unauthorized")
          |> halt
        end
end

The issue here is that this case clause is missing pattern matches, which causes it to throw an exception.

How could this be?

This is where things get tricky. Cipher is tightly coupled to a JSON parsing library, called Poison.

Cipher says in the mix.exs file that it supports several Poison versions. In fact it says it supports incompatible Poison versions.

{:poison, "~> 2.0 or ~> 3.0"}

These versions have incompatible APIs between them when reporting errors, so the code that pattern matches an error expression from Poison v2 does not match one from Poison v3. Not only that, but Poison v3 has known bugs in the error reporting API that cause errors to have different formats.

Poison v4 solved some of the issues, but the API breaks backwards compatibility.

And now comes the crux of the issue. Cipher's code and tests do not take into account all the different Poison versions, nor the specific bugs encountered in each version.

Possible solution

A possible solution would be to remake Cipher to use Poison v4, or Jason ( or preferably, to have a behaviour that would allow plugins that use different JSON parsers ) but that would take a tremendous effort that when taking in consideration other Cipher weaknesses ( such as the low security for the generated signatures ) would not be worth it.

We instead recommend you use an alternative to Cipher.
@Fl4m3Ph03n1x Fl4m3Ph03n1x changed the title Bug in validate_plug.ex renders cipher unusable Bug in signature validation renders Cipher unusable Nov 23, 2018
@rubencaro
Copy link
Owner

We instead recommend you use an alternative to Cipher.

We do. 😁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rubencaro @Fl4m3Ph03n1x