]> git.ipfire.org Git - thirdparty/bugzilla.git/commitdiff
projects / thirdparty / bugzilla.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 25ee1bf)
Bug 600464: (CVE-2010-3172) [SECURITY] Content/Header injection due to non-random...
authorByron Jones <glob@glob.com.au>
Tue, 2 Nov 2010 23:22:45 +0000 (00:22 +0100)
committerFrédéric Buclin <LpSolit@gmail.com>
Tue, 2 Nov 2010 23:22:45 +0000 (00:22 +0100)
r=mkanat a=LpSolit

Bugzilla/CGI.pm patch | blob | blame | history

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index b8011d0abba640169f99cedc015066226e2d4fac..5f81a5babe4d2bd7658162a29b99ae8e89ffdc41 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -219,7 +219,8 @@ sub multipart_init {
     }
 
     # Set the MIME boundary and content-type
-    my $boundary = $param{'-boundary'} || '------- =_aaaaaaaaaa0';
+    my $boundary = $param{'-boundary'}
+        || '------- =_' . generate_random_password(16);
     delete $param{'-boundary'};
     $self->{'separator'} = "\r\n--$boundary\r\n";
     $self->{'final_separator'} = "\r\n--$boundary--\r\n";
Mirror of https://github.com/bugzilla/bugzilla.git