From 776b0c22a4af3914f6f7b7897484957236552f36 Mon Sep 17 00:00:00 2001
From: Dimitri Masson <30894448+d-masson@users.noreply.github.com>
Date: Wed, 4 Nov 2020 15:30:33 +0100
Subject: [PATCH] reverse_proxy: Manage hmac.write error on cookie hash selection
---
 .../reverseproxy/selectionpolicies.go | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go
index 953e922c8bd6..47e3f5e6dfc8 100644
--- a/modules/caddyhttp/reverseproxy/selectionpolicies.go
+++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go
@@ -427,7 +427,8 @@ func (s CookieHashSelection) Select(pool UpstreamPool, req *http.Request, w http
 if !upstream.Available() {
 continue
 }
- if hashCookie(s.Secret, upstream.Dial) == cookieValue {
+ sha, err := hashCookie(s.Secret, upstream.Dial)
+ if err == nil && sha == cookieValue {
 return upstream
 }
 }
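Review bot: The error returned by `hashCookie` is discarded silently in `if err == nil && sha == cookieValue`, and the same happens in `selectNewHostWithCookieHashSelection` in the next hunk, where a failure means no cookie is written and the client loses stickiness without any trace. `hash.Hash.Write` is documented as never returning an error, so the branch is effectively unreachable today. Either state that in a comment on `hashCookie`, for example `// h.Write never fails for hash.Hash; the error is returned only for completeness`, or report the error through whatever logging the package already uses, so that a fallback to a different upstream cannot go unnoticed. The body of `Select` starts and ends outside this hunk.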
@@ -471,20 +472,25 @@ func selectNewHostWithCookieHashSelection(pool []*Upstream, w http.ResponseWrite
 if randomHost != nil {
 // Hash (HMAC with some key for privacy) the upstream.Dial string as the cookie value
- sha := hashCookie(cookieSecret, randomHost.Dial)
- // write the cookie.
- http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, Secure: false})
+ sha, err := hashCookie(cookieSecret, randomHost.Dial)
+ if err == nil {
+ // write the cookie.
+ http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, Secure: false})
+ }
 }
 return randomHost
 }
 // Hash (Hmac256) some data with the secret
-func hashCookie(secret string, data string) string {
+func hashCookie(secret string, data string) (string, error) {
 // Create a new HMAC by defining the hash type and the key (as byte array)
 h := hmac.New(sha256.New, []byte(secret))
 // Write Data to it
- h.Write([]byte(data))
- return hex.EncodeToString(h.Sum(nil))
+ _, err := h.Write([]byte(data))
+ if err != nil {
+ return "", err
+ }
+ return hex.EncodeToString(h.Sum(nil)), nil
 }
 // leastRequests returns the host with the
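Review bot: The re-indented `http.SetCookie` call still issues the affinity cookie with `Secure: false` and without `HttpOnly` or `SameSite`, so the value travels over plain HTTP and is readable by page scripts. The cookie is only consumed by the proxy for upstream selection, so adding `HttpOnly: true` looks safe: `http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, HttpOnly: true, Secure: false})`. Setting `Secure` would have to depend on whether the client connection used TLS, and that information is not visible in this hunk. The opening of `selectNewHostWithCookieHashSelection` lies outside the hunk.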