Bug 338573: Auth could throw an insecure dependency error if username is tainted

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
author: mkanat%bugzilla.org <> 2006-05-31 06:19:09 +0200
committer: mkanat%bugzilla.org <> 2006-05-31 06:19:09 +0200
commit: 7b70d6c5950e2840db85b0207f715c58708e2e8d (patch)
tree: 936549a6ff4966f6596e488145ac7bee10f4836d
parent: ee385c93da32df2d6d956d537a4508f874679945 (diff)
download: bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.gz
bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm
index da277cefd..68a20f6df 100644
--- a/Bugzilla/Auth/Verify.pm
+++ b/Bugzilla/Auth/Verify.pm
@@ -106,10 +106,16 @@ sub create_or_update_user {
         validate_email_syntax($username)
           || return { failure => AUTH_ERROR, error => 'auth_invalid_email',
                       details => {addr => $username} };
+        # Username is more than likely tainted, but we only use it in a
+        # placeholder, and we've already validated it, so it's safe.
+        trick_taint($username);
         $dbh->do('UPDATE profiles SET login_name = ? WHERE userid = ?',
                  $username, $user->id);
     }
     if ($real_name && $user->name ne $real_name) {
+        # $real_name is more than likely tainted, but we only use it
+        # in a placeholder and we never use it after this.
+        trick_taint($real_name);
         $dbh->do('UPDATE profiles SET realname = ? WHERE userid = ?',
                  undef, $real_name, $user->id);
     }
author	mkanat%bugzilla.org <>	2006-05-31 06:19:09 +0200
committer	mkanat%bugzilla.org <>	2006-05-31 06:19:09 +0200
commit	7b70d6c5950e2840db85b0207f715c58708e2e8d (patch)
tree	936549a6ff4966f6596e488145ac7bee10f4836d
parent	ee385c93da32df2d6d956d537a4508f874679945 (diff)
download	bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.gz bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.xz