authorBenny Baumann <BenBE@geshi.org>2015-01-20 22:34:23 +0100
committerBenny Baumann <BenBE@geshi.org>2015-01-20 22:34:23 +0100
commit1b84a19e599e5cf311a7950f955ae61fbff8a015 (patch)
tree9190ef181c3c8c0c471391e75dc3fecef326eae1
parent41ace6dc77532a5d982af220e14a29714e0ab34b (diff)
bug 1354: Bruteforce UTF-8 out of the database
-rw-r--r--www/gpg.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/www/gpg.php b/www/gpg.php
index b3a4787..4e05a88 100644
--- a/www/gpg.php
+++ b/www/gpg.php
@@ -455,11 +455,16 @@ function verifyName($name)
{
if($name == "") return 0;
- $q = mysql_query("SELECT CONVERT(fname USING UTF8), CONVERT(mname USING UTF8), CONVERT(lname USING UTF8), CONVERT(suffix USING UTF8) FROM users WHERE id='" . intval($_SESSION["profile"]["id"]) . "'");
+ $q = mysql_query("SELECT HEX(CONVERT(users.fname USING utf8)) as fname, HEX(CONVERT(users.mname USING utf8)) as mname, HEX(CONVERT(users.lname USING utf8)) as lname, HEX(CONVERT(users.suffix USING UTF8)) as suffix FROM users WHERE id='" . intval($_SESSION["profile"]["id"]) . "'");
if( false === ($row = mysql_fetch_assoc($q)) ) {
return 0;
}
+ $row['fname'] = hex2bin($row['fname']);
+ $row['mname'] = hex2bin($row['mname']);
+ $row['lname'] = hex2bin($row['lname']);
+ $row['suffix'] = hex2bin($row['suffix']);
+
if(compareName($name, $row['fname']." ".$row['lname'])) return 1; // John Doe
if(compareName($name, $row['fname']." ".$row['mname']." ".$row['lname'])) return 1; // John Joseph Doe
if(compareName($name, $row['fname']." ".$row['mname'][0]." ".$row['lname'])) return 1; // John J Doe
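Review bot: Now that the name columns are decoded to raw UTF-8 bytes with `hex2bin()`, `$row['mname'][0]` on the "John J Doe" line takes one byte rather than one character, so a middle name starting with a multi-byte character yields an invalid fragment that presumably cannot match the name being verified, and an empty middle name raises a string-offset notice. Because this check appears to gate whether a key's name is accepted for the account, taking the first character is safer, e.g. `mb_substr($row['mname'], 0, 1, 'UTF-8')` where mbstring is available. `hex2bin()` only exists from PHP 5.4, so on an older runtime the four new lines are a fatal error; `pack('H*', $row['fname'])` is the portable equivalent. A one-line comment above the query, such as `// HEX() round-trip keeps the connection charset from re-encoding the names (bug 1354)`, would record why the detour is needed (inferred from the commit title). verifyName's body continues past the end of the hunk.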