From a9dbe393194b58447f20984eff03d366c03a01e4 Mon Sep 17 00:00:00 2001 From: Diva Canto Date: Fri, 27 Apr 2012 10:39:20 -0700 Subject: MapImage security issue. Compare strings instead of IPAddresses. --- OpenSim/Server/Handlers/Map/MapAddServerConnector.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenSim/Server/Handlers') diff --git a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs index a612114..8ba188d 100644 --- a/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs +++ b/OpenSim/Server/Handlers/Map/MapAddServerConnector.cs @@ -133,7 +133,7 @@ namespace OpenSim.Server.Handlers.MapImage if (r != null) { System.Net.IPAddress ipAddr = GetCallerIP(httpRequest); - if (r.ExternalEndPoint.Address != ipAddr) + if (r.ExternalEndPoint.Address.ToString() != ipAddr.ToString()) { m_log.WarnFormat("[MAP IMAGE HANDLER]: IP address {0} may be trying to impersonate region in IP {1}", ipAddr, r.ExternalEndPoint.Address); return FailureResult("IP address of caller does not match IP address of registered region"); -- cgit v1.1