summaryrefslogtreecommitdiff
path: root/src/sp_config_keywords.c
diff options
context:
space:
mode:
authorBen Fuhrmannek2021-11-11 12:02:07 +0100
committerBen Fuhrmannek2021-11-11 12:02:07 +0100
commit9111fdf5e6332923a5faf9f8a7e6b428eb91795a (patch)
tree046703d4a95f8590a01e8a82631d3c061a6c2865 /src/sp_config_keywords.c
parent8e95c5d30f197716ba132e3f2494c5e220f3e5cd (diff)
detect dummy or short encryption key
Diffstat (limited to 'src/sp_config_keywords.c')
-rw-r--r--src/sp_config_keywords.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index f6af86b..cf44ed9 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -136,6 +136,19 @@ SP_PARSE_FN(parse_global) {
136 {0, 0, 0}}; 136 {0, 0, 0}};
137 137
138 SP_PROCESS_CONFIG_KEYWORDS_ERR(); 138 SP_PROCESS_CONFIG_KEYWORDS_ERR();
139
140 if (SPCFG(encryption_key)) {
141 if (ZSTR_LEN(SPCFG(encryption_key)) < 10) {
142 sp_log_err("config", "The encryption key set on line %zu is too short. please use at least 10 bytes", parsed_rule->lineno);
143 return SP_PARSER_ERROR;
144 }
145 if (zend_string_equals_literal(SPCFG(encryption_key), "YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.") ||
146 zend_string_equals_literal(SPCFG(encryption_key), "c6a0e02b3b818f7559d5f85303d8fe44")) {
147 sp_log_err("config", "The encryption key set on line %zu is an unchanged dummy value. please use a unique secret.", parsed_rule->lineno);
148 return SP_PARSER_ERROR;
149 }
150 }
151
139 return SP_PARSER_STOP; 152 return SP_PARSER_STOP;
140} 153}
141 154