WebServiceSecurity.ValidateLoginer方法要抛出异常
WebServiceSecurity.ValidateLoginer方法要抛出异常漏洞:
"return false" 语法 要改为 throw new Exception("验证用户资料失败!");
WebServiceSecurity.cs
既使登录信息无效程序仍会继续运行,必须抛出异常,改为以下代码:
C# Code:
public static bool ValidateLoginIdentity(byte[] validationTicket)
{
if ((validationTicket == null) || (validationTicket.Length < LOGIN_TICKET.Length))
//return false; //位数不够,验证失败
throw new Exception("验证用户资料失败!");
.....略.....
}
public static bool ValidateLoginIdentity(byte[] validationTicket)
{
if ((validationTicket == null) || (validationTicket.Length < LOGIN_TICKET.Length))
//return false; //位数不够,验证失败
throw new Exception("验证用户资料失败!");
.....略.....
}
C# Code:
public static Loginer ValidateLoginer(byte[] loginer)
{
//用户登录信息的长度小于伪码长度,数据包无效!
if (loginer.Length < PREFIX_LEN SUFFIX_LEN) //return null;
throw new Exception("验证用户资料失败!");
.....略.....
}
public static Loginer ValidateLoginer(byte[] loginer)
{
//用户登录信息的长度小于伪码长度,数据包无效!
if (loginer.Length < PREFIX_LEN SUFFIX_LEN) //return null;
throw new Exception("验证用户资料失败!");
.....略.....
}
扫一扫加作者微信
版权声明:本文为开发框架文库发布内容,转载请附上原文出处连接
NewDoc C/S框架网
