authorKai Blin <kai@samba.org>2013-01-28 21:41:07 +0100
committerKarolin Seeger <kseeger@samba.org>2013-01-29 09:49:31 +0100
commit91f4275873ebeda8f57684f09df67162ae80515a (patch)
tree306cbae9414b4e2b157a6f688286eab123d5c970 /source3/web/swat.c
parent71225948a249f079120282740fcc39fd6faa880e (diff)
swat: Use additional nonce on XSRF protectionsamba-3.6.12
If the user had a weak password on the root account of a machine running SWAT, there still was a chance of being targeted by an XSRF from a malicious web site targeting the SWAT setup. Use a random nonce stored in secrets.tdb to close this possible attack window. Thanks to Jann Horn for reporting this issue. Signed-off-by: Kai Blin <kai@samba.org> Fix bug #9577: CVE-2013-0214: Potential XSRF in SWAT.
Diffstat (limited to 'source3/web/swat.c')
-rw-r--r--source3/web/swat.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index ed80c383dc8..f8933d21c84 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -154,6 +154,7 @@ void get_xsrf_token(const char *username, const char *pass,
MD5_CTX md5_ctx;
uint8_t token[16];
int i;
+ char *nonce = cgi_nonce();
token_str[0] = '\0';
ZERO_STRUCT(md5_ctx);
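Review bot: The added line stores the return of `cgi_nonce()` without checking it, and nothing in this hunk shows that the call cannot return NULL; the following hunk of this commit hands the pointer straight to `strlen()`, so if the secrets.tdb lookup can fail the token function would crash SWAT instead of declining to issue a token. If `cgi_nonce()` can fail, a guard right after the declaration such as `if (nonce == NULL) { token_str[0] = '\0'; return; }` keeps the failure contained, mirroring how the function already empties `token_str` before computing anything. A short comment on the new line would also help the next reader see why the nonce matters here, e.g. `/* per-installation secret from secrets.tdb: keeps the token unforgeable even when the password is weak (CVE-2013-0214) */`. The enclosing function get_xsrf_token begins before this hunk (only its signature appears in the hunk header) and continues past it.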
@@ -167,6 +168,7 @@ void get_xsrf_token(const char *username, const char *pass,
if (pass != NULL) {
MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass));
}
+ MD5Update(&md5_ctx, (uint8_t *)nonce, strlen(nonce));
MD5Final(token, &md5_ctx);