Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 188405 Details for
Bug 266129
<net-im/openfire-3.7.0: Multiple password related vulnerabilities (CVE-2009-{1595,1596})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch against openfire_src/src/java/org/jivesoftware/openfire/handler/IQAuthHandler.java
IQAuthHandler.patch (text/plain), 1.96 KB, created by
Alex Legler (RETIRED)
on 2009-04-15 09:28:29 UTC
(
hide
)
Description:
Patch against openfire_src/src/java/org/jivesoftware/openfire/handler/IQAuthHandler.java
Filename:
MIME Type:
Creator:
Alex Legler (RETIRED)
Created:
2009-04-15 09:28:29 UTC
Size:
1.96 KB
patch
obsolete
>Index: IQAuthHandler.java >=================================================================== >--- IQAuthHandler.java (revision 10999) >+++ IQAuthHandler.java (working copy) >@@ -139,14 +139,33 @@ > } > > // If we're already logged in, this is a password reset >- if (session.getStatus() == Session.STATUS_AUTHENTICATED) { >- response = passwordReset(password, packet, username, session); >+ if (session.getStatus() == Session.STATUS_AUTHENTICATED >+ && session.getUsername().equalsIgnoreCase( >+ username)) >+ { >+ if (password != null >+ && !password.trim().isEmpty()) >+ { >+ response = passwordReset(password, packet, >+ username, session); >+ } >+ else >+ { >+ response = IQ.createResultIQ(packet); >+ response.setError(PacketError.Condition.not_allowed); >+ response.setType(IQ.Type.error); >+ } > } >- else { >+ else if (session.getStatus() != Session.STATUS_AUTHENTICATED) >+ { > // it is an auth attempt > response = login(username, query, packet, password, session, digest); > resourceBound = session.getStatus() == Session.STATUS_AUTHENTICATED; > } >+ else >+ { >+ throw new UnauthorizedException(); >+ } > } > } > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 266129
: 188405