bug #4611 [security] DOS attack with long passwords

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Dec 2, 2014 · 1ac863c · 1ac863c
1 parent 9b2479b
commit 1ac863c
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog
 
 4.2.13.1 (not yet released)
 - bug #4612 [security] XSS vulnerability in redirection mechanism
+- bug #4611 [security] DOS attack with long passwords
 
 4.2.13.0 (2014-11-30)
 - bug #4604 Query history not being deleted

diff --git a/libraries/common.inc.php b/libraries/common.inc.php
@@ -859,6 +859,9 @@
                 . ' ' . $cfg['Server']['auth_type']
             );
         }
+        if (isset($_REQUEST['pma_password'])) {
+            $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
+        }
         include_once  './libraries/plugins/auth/' . $auth_class . '.class.php';
         // todo: add plugin manager
         $plugin_manager = null;
@@ -988,6 +991,8 @@
             $controllink = $userlink;
         }
 
+        $auth_plugin->storeUserCredentials();
+
         /* Log success */
         PMA_logUser($cfg['Server']['user']);
 

diff --git a/libraries/plugins/AuthenticationPlugin.class.php b/libraries/plugins/AuthenticationPlugin.class.php
@@ -41,6 +41,15 @@ abstract public function authCheck();
      */
     abstract public function authSetUser();
 
+    /**
+     * Stores user credentials after successful login.
+     *
+     * @return void
+     */
+    public function storeUserCredentials()
+    {
+    }
+
     /**
      * User is not allowed to login to MySQL -> authentication failed
      *

diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
@@ -557,6 +557,16 @@ public function authSetUser()
         unset($_SERVER['PHP_AUTH_PW']);
 
         $_SESSION['last_access_time'] = time();
+    }
+
+    /**
+     * Stores user credentials after successful login.
+     *
+     * @return void
+     */
+    public function storeUserCredentials()
+    {
+        global $cfg;
 
         $this->createBlowfishIV();