From: Paul Hänsch Date: Thu, 30 May 2019 11:50:13 +0000 (+0200) Subject: Bugfix (security): fail session id check on undetermined condition X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=506e2f9f146c13919e65a9bbbd844391b96bbe9d;p=cgilite Bugfix (security): fail session id check on undetermined condition --- diff --git a/session.sh b/session.sh index 5bf8fad..8ed8d88 100755 --- a/session.sh +++ b/session.sh @@ -62,9 +62,9 @@ update_session(){ checksig="${checksig%% *}" d=$(date +%s) - if [ "$checksig" != "$sig" \ - -o "$time" -lt "$d" \ - -o ! "$(printf %s "$sid" |checkid)" ] 2>&- + if ! [ "$checksig" = "$sig" \ + -a "$time" -ge "$d" \ + -a "$(printf %s "$sid" |checkid)" ] 2>&- then debug Setting up new session sid="$(randomid)"