proxy.cgi: Correctly validate domain lists
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire Reported-by: Noriko Totsuka <vuls@jpcert.or.jp> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
Peter Müller
parent
7cb63527d9
commit
ba4f53c565
|
|
@ -756,6 +756,17 @@ sub validdomainname
|
|||
return 1;
|
||||
}
|
||||
|
||||
sub validwildcarddomainname($) {
|
||||
my $domainname = shift;
|
||||
|
||||
# Ignore any leading dots
|
||||
if ($domainname =~ m/^\*\.(.*)/) {
|
||||
$domainname = $1;
|
||||
}
|
||||
|
||||
return &validdomainname($domainname);
|
||||
}
|
||||
|
||||
sub validfqdn
|
||||
{
|
||||
# Checks a fully qualified domain name against RFC1035 and RFC2181
|
||||
|
|
|
|||
|
|
@ -2506,6 +2506,7 @@ sub check_acls
|
|||
if ($_)
|
||||
{
|
||||
if (/^\./) { $_ = '*'.$_; }
|
||||
unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
|
||||
$proxysettings{'DST_NOCACHE'} .= $_."\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -2604,6 +2605,7 @@ sub check_acls
|
|||
if ($_)
|
||||
{
|
||||
if (/^\./) { $_ = '*'.$_; }
|
||||
unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
|
||||
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -301,6 +301,7 @@
|
|||
'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
|
||||
'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
|
||||
'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
|
||||
'advproxy errmsg invalid url' => 'Ungültige URL',
|
||||
'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
|
||||
'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
|
||||
'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
|
||||
|
|
|
|||
|
|
@ -298,6 +298,7 @@
|
|||
'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
|
||||
'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
|
||||
'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
|
||||
'advproxy errmsg invalid url' => 'Invalid URL',
|
||||
'advproxy errmsg invalid user' => 'Username does not exist',
|
||||
'advproxy errmsg ldap base dn' => 'LDAP base DN required',
|
||||
'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
|
||||
|
|
|
|||
Loading…
Reference in New Issue