Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+sub validwildcarddomainname($) {
+ my $domainname = shift;
+
+ # Ignore any leading dots
+ if ($domainname =~ m/^\*\.(.*)/) {
+ $domainname = $1;
+ }
+
+ return &validdomainname($domainname);
+}
+
sub validfqdn
{
# Checks a fully qualified domain name against RFC1035 and RFC2181
sub validfqdn
{
# Checks a fully qualified domain name against RFC1035 and RFC2181
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
}
}
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
}
}
'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
+'advproxy errmsg invalid url' => 'Ungültige URL',
'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid url' => 'Invalid URL',
'advproxy errmsg invalid user' => 'Username does not exist',
'advproxy errmsg ldap base dn' => 'LDAP base DN required',
'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
'advproxy errmsg invalid user' => 'Username does not exist',
'advproxy errmsg ldap base dn' => 'LDAP base DN required',
'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',