fix(master): 修复群组负数 Chat ID 导致 OpenSSL HMAC 签名引擎参数注入崩溃的致命缺陷 (Resolves #58)

2026-06-03 15:59:40 +08:00 · 2026-05-30 02:39:57 +00:00
parent 8a5dc41d35
commit 0740e08777
1 changed files with 2 additions and 1 deletions
--- a/master/tg_master.sh
+++ b/master/tg_master.sh
@@ -76,7 +76,8 @@ generate_signed_url() {
    local current_t=$(date +%s)
    
    local payload="${action_path}:${current_t}"
-    local signature=$(echo -n "$payload" | openssl dgst -sha256 -hmac "$CHAT_ID" | awk '{print $NF}')
+    # [v4.1.7 致命修复] 弃用 -hmac，改用 -macopt 标准语法，彻底杜绝 TG 群组负数 ID 导致的 OpenSSL 参数注入崩溃
+    local signature=$(echo -n "$payload" | openssl dgst -sha256 -mac HMAC -macopt key:"$CHAT_ID" | awk '{print $NF}')
    
    echo "https://${target_ip}:${target_port}${action_path}?t=${current_t}&sign=${signature}"
 }