diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 12:16:27 -0400 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 12:16:27 -0400 |
commit | e78f6c00cd7cb6291641dfbea3d1c201c0944d5a (patch) | |
tree | 2ebce7cd4ca29ea1afc3a226241864eee0700464 /Bugzilla/Auth/Login/Cookie.pm | |
parent | 024a376986e7c178d82778bb21aaad2aef0b540f (diff) | |
download | bugs-e78f6c00cd7cb6291641dfbea3d1c201c0944d5a.tar bugs-e78f6c00cd7cb6291641dfbea3d1c201c0944d5a.tar.gz bugs-e78f6c00cd7cb6291641dfbea3d1c201c0944d5a.tar.bz2 bugs-e78f6c00cd7cb6291641dfbea3d1c201c0944d5a.tar.xz bugs-e78f6c00cd7cb6291641dfbea3d1c201c0944d5a.zip |
Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
Diffstat (limited to 'Bugzilla/Auth/Login/Cookie.pm')
-rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index 3068331ea..d2f9e2f1e 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -66,8 +66,8 @@ sub get_login_info { trick_taint($login_cookie); detaint_natural($user_id); - my $is_valid = - $dbh->selectrow_array('SELECT 1 + my $db_cookie = + $dbh->selectrow_array('SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ? @@ -77,7 +77,7 @@ sub get_login_info { # If the cookie or token is valid, return a valid username. # If they were not valid and we are using a webservice, then # throw an error notifying the client. - if ($is_valid) { + if (defined $db_cookie && $login_cookie eq $db_cookie) { # If we logged in successfully, then update the lastused # time on the login cookie $dbh->do("UPDATE logincookies SET lastused = NOW() |