From 3771585c730f31f36a5efa3bd6b053ddf66bb2ba Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Wed, 16 Oct 2013 12:05:10 -0400 Subject: Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=glob --- token.cgi | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'token.cgi') diff --git a/token.cgi b/token.cgi index 20870159a..ae9800d72 100755 --- a/token.cgi +++ b/token.cgi @@ -67,9 +67,10 @@ if ($token) { trick_taint($token); # Make sure the token exists in the database. - my ($tokentype) = $dbh->selectrow_array('SELECT tokentype FROM tokens - WHERE token = ?', undef, $token); - $tokentype || ThrowUserError("token_does_not_exist"); + my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens + WHERE token = ?', undef, $token); + (defined $db_token && $db_token eq $token && $tokentype) + || ThrowUserError("token_does_not_exist"); # Make sure the token is the correct type for the action being taken. if ( grep($action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) { -- cgit v1.2.3-24-g4f1b From 6f5ed9c78eda6cbe6cf743ddacc82a6f9fccdf15 Mon Sep 17 00:00:00 2001 From: Dave Lawrence Date: Wed, 16 Oct 2013 12:27:00 -0400 Subject: Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen --- token.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'token.cgi') diff --git a/token.cgi b/token.cgi index ae9800d72..901094be4 100755 --- a/token.cgi +++ b/token.cgi @@ -69,7 +69,7 @@ if ($token) { # Make sure the token exists in the database. my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens WHERE token = ?', undef, $token); - (defined $db_token && $db_token eq $token && $tokentype) + (defined $db_token && $db_token eq $token) || ThrowUserError("token_does_not_exist"); # Make sure the token is the correct type for the action being taken. -- cgit v1.2.3-24-g4f1b