LEMONLDAP::NG : security bug in Portal/Simple.pm

build/lemonldap-ng/debian/changelog

@@ -1,8 +1,9 @@
-lemonldap-ng (0.8.3) unstable; urgency=low
+lemonldap-ng (0.8.3) unstable; urgency=high
 
   * Syntax errors in configuration are now displayed
+  * Security fix: authentication could be replayed with another uid
 
- -- Xavier Guimard <x.guimard@free.fr>  Sat, 23 Jun 2007 21:57:02 +0200
+ -- Xavier Guimard <x.guimard@free.fr>  Tue, 03 Jul 2007 20:49:43 +0200
 
 lemonldap-ng (0.8.2.4) unstable; urgency=low
 

modules/lemonldap-ng-portal/Changes

@@ -1,5 +1,7 @@
 Revision history for Perl extension Lemonldap::NG::Portal.
 
+0.75  Tue Jul 3 20:42:09 2007
+	- Security fix: authentication could be replayed with another uid
 0.741 Tue Jul 3 7:21:16 2007
 	- Little bug in redirect sub
 

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal.pm

@@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
 
 print STDERR
 "See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
-our $VERSION = "0.74";
+our $VERSION = "0.75";
 
 1;
 

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm

@@ -13,7 +13,7 @@ use CGI::Cookie;
 require POSIX;
 use Lemonldap::NG::Portal::_i18n;
 
-our $VERSION = '0.741';
+our $VERSION = '0.75';
 
 our @ISA = qw(CGI Exporter);
 
@@ -131,8 +131,8 @@ sub header {
 # CGI.pm overload to add Lemonldap::NG cookie
 sub redirect {
     my $self = shift;
-    if ( $self->{cookie} ) {
-        $self->SUPER::redirect( @_, -cookie => $self->{cookie} );
+    if ( $_[0]->{cookie} ) {
+        $self->SUPER::redirect( @_, -cookie => $_[0]->{cookie} );
     }
     else {
         $self->SUPER::redirect(@_);
@@ -350,7 +350,6 @@ sub unbind {
 # 12. Default authentication: LDAP bind with user credentials
 sub authenticate {
     my $self = shift;
-    return PE_OK if ( $self->{id} );
     $self->unbind();
     my $err;
     return $err unless ( ( $err = $self->connectLDAP ) == PE_OK );