Skip to content

bugzilla
bugzilla
Commit e78f6c00 authored by Dave Lawrence's avatar Dave Lawrence
Browse files
Options

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing…

Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen
parent 024a3769
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 3 deletions
Bugzilla/Auth/Login/Cookie.pm
View file @ e78f6c00
...@@ -66,8 +66,8 @@ sub get_login_info { ...@@ -66,8 +66,8 @@ sub get_login_info {
trick_taint($login_cookie); trick_taint($login_cookie);
detaint_natural($user_id); detaint_natural($user_id);
my $is_valid = my $db_cookie =
$dbh->selectrow_array('SELECT 1 $dbh->selectrow_array('SELECT cookie
FROM logincookies FROM logincookies
WHERE cookie = ? WHERE cookie = ?
AND userid = ? AND userid = ?
...@@ -77,7 +77,7 @@ sub get_login_info { ...@@ -77,7 +77,7 @@ sub get_login_info {
# If the cookie or token is valid, return a valid username. # If the cookie or token is valid, return a valid username.
# If they were not valid and we are using a webservice, then # If they were not valid and we are using a webservice, then
# throw an error notifying the client. # throw an error notifying the client.
if ($is_valid) { if (defined $db_cookie && $login_cookie eq $db_cookie) {
# If we logged in successfully, then update the lastused # If we logged in successfully, then update the lastused
# time on the login cookie # time on the login cookie
$dbh->do("UPDATE logincookies SET lastused = NOW() $dbh->do("UPDATE logincookies SET lastused = NOW()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment