Jarod, et al.:
This is a patch to address an issue I discovered yesterday in
CosignModule-1.0.0beta2. The issue is as follows:
When the socket connection(s) between the IIS7 CosignModule filter and
central CoSign server(s) times out/is closed, as determined in the first
/for/ loop in ConnectionList::CheckCookie, the function reattempts
cookie validation by calling itself. However, the return value from this
second CheckCookie call was not being set in the /status/ variable.
Additionally, the following /if/ statement should be skipped if the
second CheckCookie call successfully validated the cookie (and ran that
/if/ statement).
Patched against cosignmodule HEAD as of this morning (2009-02-19 10:00
EST). Please see attached.
Best,
Darian
--
________________________________________________________________________
Darian Anthony Patrick
Senior Programmer Analyst, Application Security
Office of Information Systems & Computing Voice: (215) 573-1955
Networking & Telecommunications Unit E-mail: [email protected]
University of Pennsylvania Jabber/XMPP: [email protected]
---
CFC7 DF03 337E F7F6 1829 71ED 1038 88AF 3C88 E55C
________________________________________________________________________
Index: ConnectionList.cpp
===================================================================
RCS file: /cvsroot/cosign/cosignmodule/ConnectionList.cpp,v
retrieving revision 1.2
diff -u -r1.2 ConnectionList.cpp
--- ConnectionList.cpp 24 Mar 2008 21:27:26 -0000 1.2
+++ ConnectionList.cpp 19 Feb 2009 18:13:21 -0000
@@ -245,10 +245,15 @@
CosignTrace0( L"Repopulating and trying again..." );
Depopulate();
Populate();
- CheckCookie( cookie, csi, FALSE );
+ status = CheckCookie( cookie, csi, FALSE );
}
- if ( status == COSIGNLOGGEDIN ) {
+ /*
+ * DAP UPENN: If status is COSIGNLOGGEDIN but goodConnnections is 0,
+ * that means we repopulated and tried again successfully above and,
+ * therefore, this block shouldn't run
+ */
+ if ( status == COSIGNLOGGEDIN && goodConnections != 0) {
CosignTrace0( L"Putting values into csi" );
std::vector<std::string> authData;
std::stringstream cookieParser( in );
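Review bot: The new guard at `if ( status == COSIGNLOGGEDIN && goodConnections != 0)` uses `goodConnections` as an indirect signal that the recursive `CheckCookie` call already filled in `csi`. That only holds if `goodConnections` is local to each invocation and is still 0 in the outer frame after the retry; its declaration is not visible in this hunk, so please confirm it. If nothing later in the function has to run in the outer call, returning the retry result directly (`return CheckCookie( cookie, csi, FALSE );`) would remove the dependency; otherwise an explicit boolean set in the retry branch would state the intent more plainly than the counter. Minor points: the comment spells the variable `goodConnnections`, and the closing parenthesis in the new condition lacks the space used in the line it replaces (`!= 0 )`).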
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss