From 506e2f9f146c13919e65a9bbbd844391b96bbe9d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Thu, 30 May 2019 13:50:13 +0200 Subject: [PATCH] Bugfix (security): fail session id check on undetermined condition --- session.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/session.sh b/session.sh index 5bf8fad..8ed8d88 100755 --- a/session.sh +++ b/session.sh @@ -62,9 +62,9 @@ update_session(){ checksig="${checksig%% *}" d=$(date +%s) - if [ "$checksig" != "$sig" \ - -o "$time" -lt "$d" \ - -o ! "$(printf %s "$sid" |checkid)" ] 2>&- + if ! [ "$checksig" = "$sig" \ + -a "$time" -ge "$d" \ + -a "$(printf %s "$sid" |checkid)" ] 2>&- then debug Setting up new session sid="$(randomid)" -- 2.39.2