not a bug: looking for help with FATAL: key must be string/buffer scalar

[jamesrleu]

I have a working version of the code in question, but putting it in a setuid environment results in an error. I'm wondering if you could give me more insight into the check behind 'key must be string/buffer scalar' error.

The first line of this shows the values being send into

Crypt::Mac::HMAC->new($aproto, $key);

2016/08/03 11:31:04 FATAL> BER.pm:604 INOC::SNMP2::BER::check_auth_parm - APROTO:MD5 KEY:m^0�KF&��m� 2016/08/03 11:31:04 FATAL> BER.pm:609 INOC::SNMP2::BER::check_auth_parm - FATAL: key must be string/buffer scalar at /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/Crypt/Mac/HMAC.pm line 16.

Any help would be appreciated.

[jamesrleu]

Update: I've confirmed that running my working version in a setuid script results in the same issue. Detaint of the key via: if ($key =~ m/^(.*)$/) { $key = $1; }

does not fix the issue. Again, I'm just looking for more information about the check that yields the FATAL: key must be string/buffer scalar error so I work around this issue.

[karel-m]

Try Crypt::Mac::HMAC->new($aproto, "$key");

[karel-m]

The check in question is the following XS code

if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");

SvPOK documentation http://perldoc.perl.org/perlapi.html#SvPOK

[karel-m]

ping

[jamesrleu]

Sorry for delay in responding, yes Crypt::Mac::HMAC->new($aproto, "$key"); fixed my issue

thank you!