From e78f6c00cd7cb6291641dfbea3d1c201c0944d5a Mon Sep 17 00:00:00 2001
From: Dave Lawrence <dlawrence@mozilla.com>
Date: Wed, 16 Oct 2013 12:16:27 -0400
Subject: Bug 907438 - In MySQL, login cookie checking is not case-sensitive,
 reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen

---
 Bugzilla/Auth/Login/Cookie.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'Bugzilla/Auth/Login/Cookie.pm')

diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 3068331ea..d2f9e2f1e 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -66,8 +66,8 @@ sub get_login_info {
         trick_taint($login_cookie);
         detaint_natural($user_id);
 
-        my $is_valid =
-          $dbh->selectrow_array('SELECT 1
+        my $db_cookie =
+          $dbh->selectrow_array('SELECT cookie
                                    FROM logincookies
                                   WHERE cookie = ?
                                         AND userid = ?
@@ -77,7 +77,7 @@ sub get_login_info {
         # If the cookie or token is valid, return a valid username.
         # If they were not valid and we are using a webservice, then
         # throw an error notifying the client.
-        if ($is_valid) {
+        if (defined $db_cookie && $login_cookie eq $db_cookie) {
             # If we logged in successfully, then update the lastused 
             # time on the login cookie
             $dbh->do("UPDATE logincookies SET lastused = NOW() 
-- 
cgit v1.2.3-24-g4f1b