diff options
author | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:05:10 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:05:10 +0200 |
commit | 3771585c730f31f36a5efa3bd6b053ddf66bb2ba (patch) | |
tree | 7e01b7252cf9246d00ae56caa0db014121483258 /token.cgi | |
parent | f3b17d9f5351d9eca8d2c7f0feb272432fc398c9 (diff) | |
download | bugzilla-3771585c730f31f36a5efa3bd6b053ddf66bb2ba.tar.gz bugzilla-3771585c730f31f36a5efa3bd6b053ddf66bb2ba.tar.xz |
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=glob
Diffstat (limited to 'token.cgi')
-rwxr-xr-x | token.cgi | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -67,9 +67,10 @@ if ($token) { trick_taint($token); # Make sure the token exists in the database. - my ($tokentype) = $dbh->selectrow_array('SELECT tokentype FROM tokens - WHERE token = ?', undef, $token); - $tokentype || ThrowUserError("token_does_not_exist"); + my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens + WHERE token = ?', undef, $token); + (defined $db_token && $db_token eq $token && $tokentype) + || ThrowUserError("token_does_not_exist"); # Make sure the token is the correct type for the action being taken. if ( grep($action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) { |