"+" bug in mac_key?
brad at danga.com
Tue Aug 2 14:36:04 PDT 2005
All that comes to mind is that somebody escaping/descaping the parameter
as a URL parameter one too many/few times.
Let me know if it's a bug with LiveJournal's (the Perl) libraries.
On Tue, 2 Aug 2005, Wechsler wrote:
> Long shot:
> I've got a smart mode consumer, written in PHP, that seems to be working
> in the main, but every so often the HMAC_SHA1 signature from the server
> won't match the one I generate.
> Every time this has happened, the raw openid mac_key I've received by
> association has a plus (+) in it. This key is stored in a MySQL database
> (could this corrupt in in any way?), and the ones that have failed are:
> The code uses GMP support for the HMAC and DH code, and uses PHP's
> pack() function (which I've seen to be flaky in the past). If anyone
> knows of any flaws with these, I'd love to hear about it. Equally, if
> anyone wants to see the (still somewhat clunky) code, let me know.
> Now, I appreciate that this is a bit of a weird bug, but I thought I'd
> throw it into the mix and see if it meant anything to anyone.
More information about the yadis