diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:14:11 +0200 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:14:11 +0200 |
| commit | 60343369b4f0cdcc758e8776839014ffcf8fcfb5 (patch) | |
| tree | 7091868fda5304a9c4dfcd36a6a1d97c3b49c8da /Bugzilla/Auth | |
| parent | 3771585c730f31f36a5efa3bd6b053ddf66bb2ba (diff) | |
| download | bugzilla-60343369b4f0cdcc758e8776839014ffcf8fcfb5.tar.gz bugzilla-60343369b4f0cdcc758e8776839014ffcf8fcfb5.tar.xz | |
Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
Diffstat (limited to 'Bugzilla/Auth')
| -rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index 91fb820fb..de9188c64 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -60,8 +60,8 @@ sub get_login_info { trick_taint($login_cookie); detaint_natural($user_id); - my $is_valid = - $dbh->selectrow_array('SELECT 1 + my $db_cookie = + $dbh->selectrow_array('SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ? @@ -69,7 +69,7 @@ sub get_login_info { undef, ($login_cookie, $user_id, $ip_addr)); # If the cookie is valid, return a valid username. - if ($is_valid) { + if (defined $db_cookie && $login_cookie eq $db_cookie) { # If we logged in successfully, then update the lastused # time on the login cookie $dbh->do("UPDATE logincookies SET lastused = NOW() |