From 60343369b4f0cdcc758e8776839014ffcf8fcfb5 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Wed, 16 Oct 2013 12:14:11 -0400 Subject: Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen --- Bugzilla/Auth/Login/Cookie.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Bugzilla/Auth/Login/Cookie.pm') diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index 91fb820fb..de9188c64 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -60,8 +60,8 @@ sub get_login_info { trick_taint($login_cookie); detaint_natural($user_id); - my $is_valid = - $dbh->selectrow_array('SELECT 1 + my $db_cookie = + $dbh->selectrow_array('SELECT cookie FROM logincookies WHERE cookie = ? AND userid = ? @@ -69,7 +69,7 @@ sub get_login_info { undef, ($login_cookie, $user_id, $ip_addr)); # If the cookie is valid, return a valid username. - if ($is_valid) { + if (defined $db_cookie && $login_cookie eq $db_cookie) { # If we logged in successfully, then update the lastused # time on the login cookie $dbh->do("UPDATE logincookies SET lastused = NOW() -- cgit v1.2.3-24-g4f1b