Bug 338573: Auth could throw an insecure dependency error if username is tainted

Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave

Bug 338573: Auth could throw an insecure dependency error if username is tainted
7b70d6c5 · mkanat%bugzilla.org · ee385c93 · 7b70d6c5
Commit 7b70d6c5 authored May 31, 2006 by mkanat%bugzilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

Verify.pm Bugzilla/Auth/Verify.pm +6 -0

No files found.
--- a/Bugzilla/Auth/Verify.pm
+++ b/Bugzilla/Auth/Verify.pm
@@ -106,10 +106,16 @@ sub create_or_update_user {
        validate_email_syntax($username)
          || return { failure => AUTH_ERROR, error => 'auth_invalid_email',
                      details => {addr => $username} };
+        # Username is more than likely tainted, but we only use it in a
+        # placeholder, and we've already validated it, so it's safe.
+        trick_taint($username);
        $dbh->do('UPDATE profiles SET login_name = ? WHERE userid = ?',
                 $username, $user->id);
    }
    if ($real_name && $user->name ne $real_name) {
+        # $real_name is more than likely tainted, but we only use it
+        # in a placeholder and we never use it after this.
+        trick_taint($real_name);
        $dbh->do('UPDATE profiles SET realname = ? WHERE userid = ?',
                 undef, $real_name, $user->id);
    }