From 735524f85066d94f6e7132958ea8c20e23f2f9c5 Mon Sep 17 00:00:00 2001
From: Nic Cope
Date: Thu, 14 Jul 2022 14:11:33 -0700
Subject: [PATCH] Use sha256 to sanitize discovery HTTP cache keys

This helps avoid (potentially malicious) collisions when reading and writing cache data.

Signed-off-by: Nic Cope

Kubernetes-commit: 288a17fd337c65cb5aea44e44ecb74e9cb8088f5
---
 discovery/cached/disk/round_tripper.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/discovery/cached/disk/round_tripper.go b/discovery/cached/disk/round_tripper.go
index 06d82627..a7cea6e7 100644
--- a/discovery/cached/disk/round_tripper.go
+++ b/discovery/cached/disk/round_tripper.go
@@ -17,10 +17,10 @@ limitations under the License.
 package disk
 
 import (
+ "crypto/sha256"
 "encoding/binary"
 "fmt"
 "hash/crc32"
- "hash/fnv"
 "net/http"
 "os"
 "path/filepath"
@@ -95,7 +95,7 @@ func (c *crcDiskCache) Get(key string) ([]byte, bool) {
 return response, true
 }
 
-// Set writes the response to a file on disk. The filename will be the FNV-32a
+// Set writes the response to a file on disk. The filename will be the SHA256
 // hash of the key. The file will contain the CRC-32 checksum of the response
 // bytes, followed by said response bytes.
 func (c *crcDiskCache) Set(key string, response []byte) {
@@ -113,7 +113,8 @@ func (c *crcDiskCache) Delete(key string) {
 // the request method was GET) or " " for other methods, per the
 // httpcache.cacheKey function.
 func sanitize(key string) string {
- h := fnv.New32a()
- _, _ = h.Write([]byte(key)) // Writing to a hash never returns an error.
- return fmt.Sprintf("%X", h.Sum32())
+ // These keys are not sensitive. We use sha256 to avoid a (potentially
+ // malicious) collision causing the wrong cache data to be written or
+ // accessed.
+ return fmt.Sprintf("%x", sha256.Sum256([]byte(key)))
 }
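Review bot: The doc comment on `Set` in the second hunk now names SHA256 for the filename but leaves the role of the CRC-32 implicit, so a reader could take the two together as tamper protection. CRC-32 only detects accidental corruption of the stored response bytes; it does not authenticate them against anyone able to write to the cache directory. I would add `// The CRC-32 guards against corruption only; it does not authenticate the cached data.` and spell the filename as `hex-encoded SHA-256 hash of the key`. The body of `Set` lies outside the hunk.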
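Review bot: In the third hunk `sanitize` now returns 64 lowercase hex characters where the old `%X` of `Sum32()` returned at most 8 uppercase ones, so files written under the FNV-32a names are never looked up again and nothing visible in this patch removes them. Whether the cache directory is pruned elsewhere cannot be seen from here; if it is not, those entries stay on disk until the cache is cleared. A line in the function comment would record this, for example `// Entries written under the previous FNV-32a names are no longer read and may be left behind.` The function is fully contained in the hunk.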