From 702b9ca394a2f3ad3079dc60558a6977f7bd2c4c Mon Sep 17 00:00:00 2001 From: Eric Wustrow Date: Tue, 17 Jul 2012 21:27:00 -0400 Subject: [PATCH] Use hashcash python library directly, instead of subprocess. We should really try to avoid calling out to potentially untrusted binaries, especially as we are running as root --- client-webserver/client.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/client-webserver/client.py b/client-webserver/client.py index e04014ef2..78dfd817a 100755 --- a/client-webserver/client.py +++ b/client-webserver/client.py @@ -3,8 +3,9 @@ from chocolate_protocol_pb2 import chocolatemessage import M2Crypto import urllib2, os, sys, time, random, sys, hashlib, subprocess +import hashcash # It is OK to use the upstream M2Crypto here instead of our modified -# version. +# version. (Same with hashcash) difficulty = 23 # bits of hashcash to generate @@ -61,8 +62,8 @@ def make_request(m, csr): m.request.recipient = server m.request.timestamp = int(time.time()) m.request.csr = csr - hashcash_command = "hashcash -P -m -b %d -r %s" % (difficulty, server) - m.request.clientpuzzle = subprocess.check_output(hashcash_command.split(), shell=False).rstrip() + m.request.clientpuzzle = hashcash.mint(resource=server, bits=difficulty, \ + stamp_seconds=True) def sign(key, m): m.request.sig = rsa_sign(key, ("(%d) (%s) (%s)" % (m.request.timestamp, m.request.recipient, m.request.csr)))