
Fixed IP address spoofing vulnerablity in Session_cookie.php

$_SERVER['SERVER_NAME'] is the only variable that cannot be completely controlled by an attacker.
1 parent 37c85d7 commit 0dcaee3bab460e7e5672e1a166e76990e0c0ccd7 @TheRook committed Oct 13, 2012
Showing with 3 additions and 3 deletions.
  1. +3 −3 system/libraries/Session/drivers/Session_cookie.php
@@ -412,7 +412,7 @@ protected function _sess_read()
}
// Does the IP match?
- if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
+ if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $_SERVER['REMOTE_ADDR'])
{
$this->sess_destroy();
return FALSE;
@@ -491,7 +491,7 @@ protected function _sess_create()
// Initialize userdata
$this->userdata = array(
'session_id' => $this->_make_sess_id(),
- 'ip_address' => $this->CI->input->ip_address(),
+ 'ip_address' => $_SERVER['REMOTE_ADDR'],
'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
'last_activity' => $this->now,
);
@@ -615,7 +615,7 @@ protected function _make_sess_id()
while (strlen($new_sessid) < 32);
// To make the session ID even more secure we'll combine it with the user's IP
- $new_sessid .= $this->CI->input->ip_address();
+ $new_sessid .= $_SERVER['REMOTE_ADDR'];
// Turn it into a hash and return
return md5(uniqid($new_sessid, TRUE));
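Review bot: The new `$_SERVER['REMOTE_ADDR']` reads in all three hunks are unguarded: when the key is absent (CLI invocations, some SAPIs) `_sess_read` emits a notice and, with `sess_match_ip` enabled, destroys every session because `$session['ip_address'] !== NULL` is always true, while `_sess_create` stores NULL as the address. A single accessor keeps the fix in one place and validates the value, e.g. `protected function _remote_addr() { return (isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0'; }` with the three call sites using it. Reading the socket peer address is the right defence against forged forwarding headers, but it also bypasses whatever trusted-proxy handling `ip_address()` performs, so deployments behind a reverse proxy will now record the proxy's address for every client and the `sess_match_ip` check will stop distinguishing them — worth stating at that check, e.g. `// Peer address only: client-supplied forwarding headers are not trusted for session binding`. The commit description names `$_SERVER['SERVER_NAME']` while the code uses `REMOTE_ADDR`; the description should name the variable actually relied on. All three enclosing methods (`_sess_read`, `_sess_create`, `_make_sess_id`) begin outside their hunks.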

