Commit 1e951fab authored by Yadd's avatar Yadd
Browse files

Fix CVE-2019-12046 for 1.3 branch

parent 5e92437e
......@@ -896,6 +896,12 @@ sub retrieveSession {
$class->lmLog( "Session $id can't be retrieved: $@", 'info' );
return 0;
}
unless($h{startTime}) {
untie %h;
$class->lmLog( "Session $id is invalid", 'error' );
return 0;
}
# Update the session to notify activity, if necessary
$h{_lastSeen} = time() if ($timeoutActivity);
......
......@@ -1728,7 +1728,7 @@ sub controlExistingSession {
{
my $h = $self->getApacheSession($id);
if ($h) {
if ($h and $h->{startTime}) {
%{ $self->{sessionInfo} } = %$h;
# Logout if required
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment