From ea2d2a47281ac947297587c2619df190bf3c23c4 Mon Sep 17 00:00:00 2001
From: "wurblzap%gmail.com" <>
Date: Sat, 21 Oct 2006 01:52:24 +0000
Subject: Bug 340538: Insecure dependency in exec while running with -T switch
 at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16. Patch by
 Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk

---
 Bugzilla/User.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/User.pm')

diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index 02f17b85d..33c8535f5 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1490,7 +1490,8 @@ sub is_available_username {
 sub login_to_id {
     my ($login, $throw_error) = @_;
     my $dbh = Bugzilla->dbh;
-    # $login will only be used by the following SELECT statement, so it's safe.
+    # No need to validate $login -- it will be used by the following SELECT
+    # statement only, so it's safe to simply trick_taint.
     trick_taint($login);
     my $user_id = $dbh->selectrow_array("SELECT userid FROM profiles WHERE " .
                                         $dbh->sql_istrcmp('login_name', '?'),
@@ -1525,6 +1526,8 @@ sub validate_password {
     } elsif ((defined $matchpassword) && ($password ne $matchpassword)) {
         ThrowUserError('passwords_dont_match');
     }
+    # Having done these checks makes us consider the password untainted.
+    trick_taint($_[0]);
     return 1;
 }
 
@@ -1966,6 +1969,7 @@ we return an empty string.
 
 Returns true if a password is valid (i.e. meets Bugzilla's
 requirements for length and content), else returns false.
+Untaints C<$passwd1> if successful.
 
 If a second password is passed in, this function also verifies that
 the two passwords match.
-- 
cgit v1.2.3-24-g4f1b