From ddc2576781b971a0a6af29c46011b72d7f7f2f5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=A6=8C=EA=A6=AB=EA=A6=B6=EA=A6=8F=EA=A7=80=EA=A6=A6?= =?UTF-8?q?=EA=A6=BF=EA=A6=A7=EA=A6=AE=EA=A6=91=EA=A6=A9=EA=A6=AD=EA=A7=80?=
Date: Sat, 10 Dec 2022 19:04:45 +0800
Subject: Fix the signature key checking
---
 midtrans.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/midtrans.c b/midtrans.c
index 7caae6e..0f850db 100644
--- a/midtrans.c
+++ b/midtrans.c
@@ -332,13 +332,24 @@ enum midtrans_transaction_status midtrans_notification_transaction(char *post,
 BIO_set_md(mdtmp, EVP_sha512());
 bio = BIO_push(mdtmp, bio);
 BIO_write(bio, signature_fields, signature_fields_len);
- BIO_flush(bio);
- char *pp;
- long hash_len = BIO_get_mem_data(bio, &pp) - 1;
- char hash[hash_len + 1];
- strncpy(hash, pp, hash_len);
- hash[hash_len] = '\0';
+ size_t signature_key_len = strlen(signature_key);
+ unsigned char mdbuf[EVP_MAX_MD_SIZE];
+ int mdlen;
+ mdtmp = bio;
+ do {
+ EVP_MD *md;
+ mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+ if (!mdtmp)
+ break;
+ BIO_get_md(mdtmp, &md);
+ mdlen = BIO_gets(mdtmp, (char *)mdbuf, EVP_MAX_MD_SIZE);
+ mdtmp = BIO_next(mdtmp);
+ } while (mdtmp);
 BIO_free_all(bio);
+ char hash[mdlen * 2 + 1];
+ hash[0] = '\0';
+ for (size_t i = 0; i < mdlen; i++)
+ sprintf(hash, "%s%02x", hash, mdbuf[i]);
 if (strcmp(signature_key, hash))
 return MIDTRANS_TRANSACTION_SIGNATUREKEYDOESNOTMATCH;
-- 
cgit v1.2.3
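Review bot: The hex-encoding loop passes `hash` to `sprintf` as both the destination and a `%s` source, which is undefined behaviour for overlapping objects; each byte should be formatted at its own offset instead. `mdlen` is also read uninitialised when `BIO_find_type` finds no digest BIO on the first pass, and a zero or negative `BIO_gets` result would reach the VLA size and the `size_t` loop bound, so it should start at 0 and a non-positive value should be rejected before `hash` is declared. The final `strcmp` against the `signature_key` string is not constant-time, while the new `signature_key_len` is never used in this hunk; a length check followed by `CRYPTO_memcmp` (from `<openssl/crypto.h>`) would use it and avoid the timing difference. The function starts and ends outside the hunk, so where `signature_key` comes from is not visible here.

```c
	int mdlen = 0;
	/* … unchanged: BIO_find_type / BIO_gets loop and BIO_free_all(bio) … */
	if (mdlen <= 0)
		return MIDTRANS_TRANSACTION_SIGNATUREKEYDOESNOTMATCH;
	char hash[mdlen * 2 + 1];
	for (int i = 0; i < mdlen; i++)
		snprintf(hash + 2 * i, 3, "%02x", mdbuf[i]);
	if (signature_key_len != (size_t)mdlen * 2
			|| CRYPTO_memcmp(signature_key, hash, signature_key_len))
		return MIDTRANS_TRANSACTION_SIGNATUREKEYDOESNOTMATCH;
```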