Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force

Browse Source 
r=LpSolit,a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265057 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
bzrmirror%bugzilla.org 2013-10-16 17:01:24 +00:00
parent e5338fb372
commit 71b4a797bc
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mozilla/webtools/bugzilla/.bzrrev
View File

@ -1 +1 @@
8775 8776

6
mozilla/webtools/bugzilla/Bugzilla/Auth/Login/Cookie.pm
View File

@ -66,8 +66,8 @@ sub get_login_info {
trick_taint($login_cookie); trick_taint($login_cookie);
detaint_natural($user_id); detaint_natural($user_id);
my $is_valid = my $db_cookie =
$dbh->selectrow_array('SELECT 1 $dbh->selectrow_array('SELECT cookie
FROM logincookies FROM logincookies
WHERE cookie = ? WHERE cookie = ?
AND userid = ? AND userid = ?
@ -77,7 +77,7 @@ sub get_login_info {
# If the cookie or token is valid, return a valid username. # If the cookie or token is valid, return a valid username.
# If they were not valid and we are using a webservice, then # If they were not valid and we are using a webservice, then
# throw an error notifying the client. # throw an error notifying the client.
if ($is_valid) { if (defined $db_cookie && $login_cookie eq $db_cookie) {
# If we logged in successfully, then update the lastused # If we logged in successfully, then update the lastused
# time on the login cookie # time on the login cookie
$dbh->do("UPDATE logincookies SET lastused = NOW() $dbh->do("UPDATE logincookies SET lastused = NOW()