diff options
author | mkanat%bugzilla.org <> | 2006-05-31 06:19:09 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2006-05-31 06:19:09 +0200 |
commit | 7b70d6c5950e2840db85b0207f715c58708e2e8d (patch) | |
tree | 936549a6ff4966f6596e488145ac7bee10f4836d /Bugzilla | |
parent | ee385c93da32df2d6d956d537a4508f874679945 (diff) | |
download | bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.gz bugzilla-7b70d6c5950e2840db85b0207f715c58708e2e8d.tar.xz |
Bug 338573: Auth could throw an insecure dependency error if username is tainted
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Auth/Verify.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify.pm b/Bugzilla/Auth/Verify.pm index da277cefd..68a20f6df 100644 --- a/Bugzilla/Auth/Verify.pm +++ b/Bugzilla/Auth/Verify.pm @@ -106,10 +106,16 @@ sub create_or_update_user { validate_email_syntax($username) || return { failure => AUTH_ERROR, error => 'auth_invalid_email', details => {addr => $username} }; + # Username is more than likely tainted, but we only use it in a + # placeholder, and we've already validated it, so it's safe. + trick_taint($username); $dbh->do('UPDATE profiles SET login_name = ? WHERE userid = ?', $username, $user->id); } if ($real_name && $user->name ne $real_name) { + # $real_name is more than likely tainted, but we only use it + # in a placeholder and we never use it after this. + trick_taint($real_name); $dbh->do('UPDATE profiles SET realname = ? WHERE userid = ?', undef, $real_name, $user->id); } |