You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Ferrari Geoffrey <ge...@oriel.oxford.ac.uk> on 2005/02/13 13:15:24 UTC
Logfile Error: \t(in cleanup) Not a reference to a Digest::MD5 object.\n
Hi all,
I'm running the latest release of MP2 on FreeBSD 5.3 (more details
below). One part of my site takes a user's password submitted from a
form, encrypts it using MD5, and stores that encrypted value in my
database (Postgres 7.4.7). Sometimes it works, sometimes it doesn't.
When it doesn't work, the Apache log file reports:
[Sun Feb 13 11:51:52 2005] ...blah blah blah
(in cleanup) Not a reference to a Digest::MD5 object.
[Sun Feb 13 11:51:52 2005] [error] [client 192.168.0.6] \t(in cleanup)
Not a ref
erence to a Digest::MD5 object.\n, referer:
https://192.168.0.3/CHANGEMYDETAILS
Insecure dependency in open while running setgid.
Does anyone know offhand what is going on here? I think the problem
could probably relate to the MD5 hashing perl subroutine that I use,
partly because the log mentions a problem with an MD5 object, and
partly because when I replace it with a dummy subroutine that just
returns a hardcoded string, the errors do not seem to arise. I can't be
sure that this is the problem, however, because as I say, even with the
real subroutine being called, sometimes it works, sometimes it doesn't.
Anyway, the code I use for that subroutine is:
# based loosely on code in the Eagle book, p.217
sub make_db_MAC {
# NB1 '' = the empty string i.e. two single quotes
# NB2 DBSECRET is declared as a constant (i.e. use constant DBSECRET
=> '...';)
my ($interim) = MD5->hexhash(join('', DBSECRET, @_));
my ($db_mac) = MD5->hexhash(DBSECRET . $interim);
return $db_mac;
}
One last piece of information. When it doesn't work, most browsers do
nothing. Safari in OSX, however, reports:
The error was: “bad server response” (NSURLErrorDomain:-1011)
Any suggestions most gratefully received (I've been working on this for
hours already.)
Geoff Ferrari
[Further Info]
The list of packages and ports I have installed on FreeBSD 5.3 is:
apache-2.0.53 Version 2 of Apache web server with prefork MPM.
apg-2.3.0b An automated password generator
autoconf-2.59_2 Automatically configure source code on many Un*x
platforms
bash-3.0.16_1 The GNU Project's Bourne Again SHell
bsdpan-Apache-AuthCookie-3.06 Apache::AuthCookie - Perl Authentication
and Authorization
cvsup-without-gui-16.1h General network file distribution system
optimized for CVS
ddclient-3.6.5 Update dynamic DNS entries
expat-1.95.8 XML 1.0 parser written in C
fastest_cvsup-0.2.9 Finds fastest CVSup server
gettext-0.14.1 GNU gettext package
gmake-3.80_2 GNU version of 'make' utility
help2man-1.34.2 Automatically generating simple manual pages from
program o
libiconv-1.9.2_1 A character set conversion library
libtool-1.3.5_2 Generic shared library support script (version 1.3)
libtool-1.5.10 Generic shared library support script (version 1.5)
lynx-ssl-2.8.5 A non-graphical, text-based World-Wide Web client
with SSL
m4-1.4.1 GNU m4
mod_perl2-2.0.0r3 Embeds a Perl interpreter in the Apache2 server
openssl-0.9.7e_2 SSL and crypto library
p5-Apache-DBI-0.94 DBI persistent connection, authentication and
authorization
p5-CGI.pm-3.05,1 Simple Common Gateway Interface Class for Perl
p5-Crypt-CBC-2.12 Perl5 interface to Cipher Block Chaining with DES
and IDEA
p5-Crypt-IDEA-1.02 Perl5 interface to IDEA block cipher
p5-DBD-Pg-1.32_1 Provides access to PostgreSQL databases through the
DBI
p5-DBI-1.47 The perl5 Database Interface. Required for DBD::*
modules
p5-ExtUtils-XSBuilder-0.27 Autogenerating XS-glue Code
p5-HTML-Parser-3.45 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.04 Some useful data table in parsing HTML
p5-HTML-Template-2.7 Perl module to use HTML Templates from CGI scripts
p5-MD5-2.03 Perl5 interface to MD5 Message-Digest Algorithm
p5-Parse-RecDescent-1.94 A recursive descent parsing framework for Perl
p5-Text-Balanced-1.95 Text::Balanced - extract delimited text sequences
from stri
p5-Tie-IxHash-1.21 Perl module implementing ordered in-memory
associative arra
p5-URI-1.35 Perl5 interface to Uniform Resource Identifier
(URI) refere
p5-gettext-1.03 Message handling functions
p5-libapreq2-2.04r03 Generic Apache2 Request Library
p5-libwww-5.79_1 Perl5 library for WWW access
perl-5.8.6_2 Practical Extraction and Report Language
portupgrade-20041226_1 FreeBSD ports/packages administration and
management tool s
postgresql-client-7.4.7 PostgreSQL database (client)
postgresql-docs-7.4.7 The PostgreSQL documentation set
postgresql-server-7.4.7 The most advanced open-source database
available anywhere
ruby-1.8.2_2 An object-oriented interpreted scripting language
ruby18-bdb1-0.2.2 Ruby interface to Berkeley DB revision 1.8x with
full featu
Re: Logfile Error: \t(in cleanup) Not a reference to a Digest::MD5 object.\n
Posted by Ferrari Geoffrey <ge...@oriel.oxford.ac.uk>.
I may have solved this problem by moving from 'use MD5;' to 'use
Digest::MD5' (and making the necessary coding adjustments for the
different interface). A recent update to MD5 may be responsible for the
previous bad behaviour.
On 13 Feb 2005, at 12:15, Ferrari Geoffrey wrote:
> Hi all,
>
> I'm running the latest release of MP2 on FreeBSD 5.3 (more details
> below). One part of my site takes a user's password submitted from a
> form, encrypts it using MD5, and stores that encrypted value in my
> database (Postgres 7.4.7). Sometimes it works, sometimes it doesn't.
> When it doesn't work, the Apache log file reports:
>
> [Sun Feb 13 11:51:52 2005] ...blah blah blah
> (in cleanup) Not a reference to a Digest::MD5 object.
> [Sun Feb 13 11:51:52 2005] [error] [client 192.168.0.6] \t(in cleanup)
> Not a ref
> erence to a Digest::MD5 object.\n, referer:
> https://192.168.0.3/CHANGEMYDETAILS
> Insecure dependency in open while running setgid.
>
> Does anyone know offhand what is going on here? I think the problem
> could probably relate to the MD5 hashing perl subroutine that I use,
> partly because the log mentions a problem with an MD5 object, and
> partly because when I replace it with a dummy subroutine that just
> returns a hardcoded string, the errors do not seem to arise. I can't
> be sure that this is the problem, however, because as I say, even with
> the real subroutine being called, sometimes it works, sometimes it
> doesn't. Anyway, the code I use for that subroutine is:
>
> # based loosely on code in the Eagle book, p.217
> sub make_db_MAC {
>
> # NB1 '' = the empty string i.e. two single quotes
> # NB2 DBSECRET is declared as a constant (i.e. use constant DBSECRET
> => '...';)
>
> my ($interim) = MD5->hexhash(join('', DBSECRET, @_));
>
> my ($db_mac) = MD5->hexhash(DBSECRET . $interim);
>
> return $db_mac;
>
> }
>
> One last piece of information. When it doesn't work, most browsers do
> nothing. Safari in OSX, however, reports:
>
> The error was: “bad server response” (NSURLErrorDomain:-1011)
>
> Any suggestions most gratefully received (I've been working on this
> for hours already.)
>
> Geoff Ferrari
>
> [Further Info]
>
> The list of packages and ports I have installed on FreeBSD 5.3 is:
>
> apache-2.0.53 Version 2 of Apache web server with prefork MPM.
> apg-2.3.0b An automated password generator
> autoconf-2.59_2 Automatically configure source code on many Un*x
> platforms
> bash-3.0.16_1 The GNU Project's Bourne Again SHell
> bsdpan-Apache-AuthCookie-3.06 Apache::AuthCookie - Perl Authentication
> and Authorization
> cvsup-without-gui-16.1h General network file distribution system
> optimized for CVS
> ddclient-3.6.5 Update dynamic DNS entries
> expat-1.95.8 XML 1.0 parser written in C
> fastest_cvsup-0.2.9 Finds fastest CVSup server
> gettext-0.14.1 GNU gettext package
> gmake-3.80_2 GNU version of 'make' utility
> help2man-1.34.2 Automatically generating simple manual pages from
> program o
> libiconv-1.9.2_1 A character set conversion library
> libtool-1.3.5_2 Generic shared library support script (version 1.3)
> libtool-1.5.10 Generic shared library support script (version 1.5)
> lynx-ssl-2.8.5 A non-graphical, text-based World-Wide Web client
> with SSL
> m4-1.4.1 GNU m4
> mod_perl2-2.0.0r3 Embeds a Perl interpreter in the Apache2 server
> openssl-0.9.7e_2 SSL and crypto library
> p5-Apache-DBI-0.94 DBI persistent connection, authentication and
> authorization
> p5-CGI.pm-3.05,1 Simple Common Gateway Interface Class for Perl
> p5-Crypt-CBC-2.12 Perl5 interface to Cipher Block Chaining with DES
> and IDEA
> p5-Crypt-IDEA-1.02 Perl5 interface to IDEA block cipher
> p5-DBD-Pg-1.32_1 Provides access to PostgreSQL databases through
> the DBI
> p5-DBI-1.47 The perl5 Database Interface. Required for DBD::*
> modules
> p5-ExtUtils-XSBuilder-0.27 Autogenerating XS-glue Code
> p5-HTML-Parser-3.45 Perl5 module for parsing HTML documents
> p5-HTML-Tagset-3.04 Some useful data table in parsing HTML
> p5-HTML-Template-2.7 Perl module to use HTML Templates from CGI scripts
> p5-MD5-2.03 Perl5 interface to MD5 Message-Digest Algorithm
> p5-Parse-RecDescent-1.94 A recursive descent parsing framework for Perl
> p5-Text-Balanced-1.95 Text::Balanced - extract delimited text
> sequences from stri
> p5-Tie-IxHash-1.21 Perl module implementing ordered in-memory
> associative arra
> p5-URI-1.35 Perl5 interface to Uniform Resource Identifier
> (URI) refere
> p5-gettext-1.03 Message handling functions
> p5-libapreq2-2.04r03 Generic Apache2 Request Library
> p5-libwww-5.79_1 Perl5 library for WWW access
> perl-5.8.6_2 Practical Extraction and Report Language
> portupgrade-20041226_1 FreeBSD ports/packages administration and
> management tool s
> postgresql-client-7.4.7 PostgreSQL database (client)
> postgresql-docs-7.4.7 The PostgreSQL documentation set
> postgresql-server-7.4.7 The most advanced open-source database
> available anywhere
> ruby-1.8.2_2 An object-oriented interpreted scripting language
> ruby18-bdb1-0.2.2 Ruby interface to Berkeley DB revision 1.8x with
> full featu
>
>
>