author | 2022-03-07 09:55:10 -0800 | |
---|---|---|
committer | 2022-03-07 09:55:10 -0800 | |
commit | c7b55230e036c188d92a9b2f178aac5aec196e68 (patch) | |
tree | 6f21c0f43762d572a42ac4f3a2e0af6f17df0e4f /plugin | |
parent | 3fe9d41a211055d748f4d98013aa86e7ffc1e63f (diff) | |
[plugin/reload]: Change hash from md5 to sha512 (#5226)
This PR changes the reload plugin's hash from md5 to sha512
in order to avoid using md5. MD5 is a weak hash algorithm,
and for security reasons we will avoid using it.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/reload/README.md | 4 | ||||
-rw-r--r-- | plugin/reload/reload.go | 16 |
2 files changed, 10 insertions, 10 deletions
diff --git a/plugin/reload/README.md b/plugin/reload/README.md
index 99f6405ca..1288a23f5 100644
--- a/plugin/reload/README.md
+++ b/plugin/reload/README.md
@@ -10,7 +10,7 @@ This plugin allows automatic reload of a changed _Corefile_. To enable automatic reloading of _zone file_ changes, use the `auto` plugin. This plugin periodically checks if the Corefile has changed by reading
-it and calculating its MD5 checksum. If the file has changed, it reloads
+it and calculating its SHA512 checksum. If the file has changed, it reloads
 CoreDNS with the new Corefile. This eliminates the need to send a SIGHUP or SIGUSR1 after changing the Corefile.
@@ -101,7 +101,7 @@ CoreDNS v1.7.0 and later does parse the Corefile and supports detecting changes
 * `coredns_reload_failed_total{}` - counts the number of failed reload attempts.
 * `coredns_reload_version_info{hash, value}` - record the hash value during reload.
-Currently the type of `hash` is "md5", the `value` is the returned hash value.
+Currently the type of `hash` is "sha512", the `value` is the returned hash value.
 ## See Also
diff --git a/plugin/reload/reload.go b/plugin/reload/reload.go
index e3e05fb37..632c0369e 100644
--- a/plugin/reload/reload.go
+++ b/plugin/reload/reload.go
@@ -3,7 +3,7 @@ package reload
 import (
 "bytes"
- "crypto/md5"
+ "crypto/sha512"
 "encoding/hex"
 "encoding/json"
 "sync"
@@ -78,8 +78,8 @@ func hook(event caddy.EventName, info interface{}) error {
 return err
 }
- md5sum := md5.Sum(parsedCorefile)
- log.Infof("Running configuration MD5 = %x\n", md5sum)
+ sha512sum := sha512.Sum512(parsedCorefile)
+ log.Infof("Running configuration SHA512 = %x\n", sha512sum)
 go func() {
 tick := time.NewTicker(r.interval())
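Review bot: The algorithm is now spelled into the variable name and the log text (`sha512sum`, `"Running configuration SHA512 = %x\n"`), and the following hunk repeats the literal `"sha512"` in both the `reloadInfo.Delete` labels and the `reloadInfo.WithLabelValues` call, so the two label sites can drift apart and the next algorithm change has to touch every one of these lines again. A neutral name such as `corefileSum` together with one `const hashName = "sha512"` used at both label sites would keep them in agreement by construction. A short comment above the `Sum512` call, for example `// Digest of the parsed Corefile; compared later to detect changes and exported as a metric label.`, would also record what the value is used for. `hook` starts and ends outside this hunk.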
@@ -96,16 +96,16 @@ func hook(event caddy.EventName, info interface{}) error {
 log.Warningf("Corefile parse failed: %s", err)
 continue
 }
- s := md5.Sum(parsedCorefile)
- if s != md5sum {
- reloadInfo.Delete(prometheus.Labels{"hash": "md5", "value": hex.EncodeToString(md5sum[:])})
+ s := sha512.Sum512(parsedCorefile)
+ if s != sha512sum {
+ reloadInfo.Delete(prometheus.Labels{"hash": "sha512", "value": hex.EncodeToString(sha512sum[:])})
 // Let not try to restart with the same file, even though it is wrong.
- md5sum = s
+ sha512sum = s
 // now lets consider that plugin will not be reload, unless appear in next config file
 // change status of usage will be reset in setup if the plugin appears in config file
 r.setUsage(maybeUsed)
 _, err := instance.Restart(corefile)
- reloadInfo.WithLabelValues("md5", hex.EncodeToString(md5sum[:])).Set(1)
+ reloadInfo.WithLabelValues("sha512", hex.EncodeToString(sha512sum[:])).Set(1)
 if err != nil {
 log.Errorf("Corefile changed but reload failed: %s", err)
 failedCount.Add(1) |
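Review bot: `reloadInfo.WithLabelValues("sha512", hex.EncodeToString(sha512sum[:])).Set(1)` runs before the `if err != nil` check on `instance.Restart(corefile)`, and the previous label has already been removed by `reloadInfo.Delete(...)`, so after a failed reload the version metric (presumably `coredns_reload_version_info` from the README) carries the digest of a Corefile that is not the running configuration. Anyone comparing that metric across instances to confirm which configuration is live would be misled exactly when a reload has failed. Consider keeping the previous digest in a separate variable and doing the Delete/Set pair only after Restart has returned nil, while still assigning `sha512sum = s` so the same broken file is not retried. The goroutine and the rest of `hook` continue outside the hunk, so whether a later line corrects the metric cannot be seen here.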