authorFrédéric Buclin <LpSolit@gmail.com>2010-08-04 23:41:02 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2010-08-04 23:41:02 +0200
commit2ea4b3d38e8a012f61d20e6831daaf06493c3d95 (patch)
tree417fb44234468b46c3cbbf8659173e68161d9680 /relogin.cgi
parent1741f7c98b480f25fa707011e00765353499dd8f (diff)
downloadbugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.gz
bugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.xz
Bug 450013: (CVE-2010-2757) [SECURITY] Can sudo a user without sending email
r=glob a=LpSolit
Diffstat (limited to 'relogin.cgi')
-rwxr-xr-xrelogin.cgi8
1 files changed, 6 insertions, 2 deletions
diff --git a/relogin.cgi b/relogin.cgi
index 7dcbde625..0e04b1bdc 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -147,12 +147,13 @@ elsif ($action eq 'begin-sudo') {
$reason = substr($reason, $[, 200);
# Calculate the session expiry time (T + 6 hours)
- my $time_string = time2str('%a, %d-%b-%Y %T %Z', time+(6*60*60), 'GMT');
+ my $time_string = time2str('%a, %d-%b-%Y %T %Z', time + MAX_SUDO_TOKEN_AGE, 'GMT');
# For future sessions, store the unique ID of the target user
+ my $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id);
$cgi->send_cookie('-name' => 'sudo',
'-expires' => $time_string,
- '-value' => $target_user->id
+ '-value' => $token
);
# For the present, change the values of Bugzilla::user & Bugzilla::sudoer
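Review bot: relogin.cgi now reaches into Bugzilla::Token for the underscore-prefixed `_create_token`, which by the module's own naming convention is private, so the new line `my $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id);` couples the CGI to an internal signature that can change without notice. A small public wrapper in Bugzilla::Token would keep the token-table details in one module (the end-sudo branch already calls `delete_token` unqualified, so the CGI imports from there), e.g. `my $token = issue_sudo_token($user->id, $target_user->id);` with the wrapper making the `'sudo'` event-type call. The `send_cookie` call passes only name, expiry and value; if `send_cookie` does not itself add `-httponly` (and `-secure` on SSL), that is worth confirming here, since the cookie value now carries the sudo session token rather than a plain user id. The enclosing `begin-sudo` branch starts before and continues past this hunk.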
@@ -173,6 +174,7 @@ elsif ($action eq 'begin-sudo') {
# end-sudo: End the current sudo session (if one is in progress)
elsif ($action eq 'end-sudo') {
# Regardless of our state, delete the sudo cookie if it exists
+ my $token = $cgi->cookie('sudo');
$cgi->remove_cookie('sudo');
# Are we in an sudo session?
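Review bot: `my $token = $cgi->cookie('sudo');` is undef when the request carries no sudo cookie, and the new `delete_token($token)` in the following hunk (`@@ -181,6 +183,8 @@`) is called unconditionally, so an end-sudo request without the cookie hands undef to the DB deletion. Unless `delete_token` is known to ignore undef, guard the call: `delete_token($token) if defined $token;`. The `end-sudo` branch continues past this hunk.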
@@ -181,6 +183,8 @@ elsif ($action eq 'end-sudo') {
if (defined($sudoer)) {
Bugzilla->sudo_request($sudoer, undef);
}
+ # Now that the session is over, remove the token from the DB.
+ delete_token($token);
# NOTE: If you want to log the end of an sudo session, so it here.