cachemgr.cgi: Add validation for hostname parameter (#504)
authoraaron-costello <56684862+aaron-costello@users.noreply.github.com>
Sun, 3 Nov 2019 16:22:22 +0000 (16:22 +0000)
committerSquid Anubis <squid-anubis@squid-cache.org>
Mon, 4 Nov 2019 23:47:35 +0000 (23:47 +0000)
Prevention of HTML/invalid chars in host param

src/base/CharacterSet.cc
tools/Makefile.am
tools/cachemgr.cc

index a87e1af417fc595a0d41f3096dc0fbf0ddbe4ade..fb9bd4f9c98534f269de0a7acfbbfad7c266483e 100644 (file)
@@ -7,7 +7,7 @@
  */
 
 #include "squid.h"
-#include "CharacterSet.h"
+#include "base/CharacterSet.h"
 
 #include <algorithm>
 #include <iostream>
index ad60b25f3d74fc9736e92bffdee0ac754ef77d0d..edf47e2fceeeddc54e43bac4a196833ecd73bc36 100644 (file)
@@ -37,6 +37,9 @@ stub_debug.cc: $(top_srcdir)/src/tests/stub_debug.cc
 Here.cc: $(top_srcdir)/src/base/Here.cc
        cp $(top_srcdir)/src/base/Here.cc $@
 
+CharacterSet.cc: $(top_srcdir)/src/base/CharacterSet.cc
+       cp $(top_srcdir)/src/base/CharacterSet.cc $@
+
 MemBuf.cc: $(top_srcdir)/src/MemBuf.cc
        cp $(top_srcdir)/src/MemBuf.cc $@
 
@@ -48,7 +51,7 @@ stub_cbdata.cc: $(top_srcdir)/src/tests/stub_cbdata.cc
 
 stub_libmem.cc: $(top_srcdir)/src/tests/stub_libmem.cc STUB.h
        cp $(top_srcdir)/src/tests/stub_libmem.cc $@
-       
+
 STUB.h: $(top_srcdir)/src/tests/STUB.h
        cp $(top_srcdir)/src/tests/STUB.h $@
 
@@ -57,7 +60,7 @@ STUB.h: $(top_srcdir)/src/tests/STUB.h
 # globals.cc is needed by test_tools.cc.
 # Neither of these should be disted from here.
 TESTSOURCES= test_tools.cc
-CLEANFILES += test_tools.cc Here.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_libmem.cc STUB.h
+CLEANFILES += test_tools.cc Here.cc CharacterSet.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_libmem.cc STUB.h
 
 ## Test Scripts
 EXTRA_DIST += helper-ok-dying.pl helper-ok.pl
@@ -69,6 +72,7 @@ DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
 libexec_PROGRAMS = cachemgr$(CGIEXT)
 
 cachemgr__CGIEXT__SOURCES = cachemgr.cc \
+       CharacterSet.cc \
        Here.cc \
        MemBuf.cc \
        stub_cbdata.cc \
index 2208a3f4ab224315da0b760c47e14454cd1917f5..741d72c820b81470a539705eef9581bd91e86465 100644 (file)
@@ -8,6 +8,7 @@
 
 #include "squid.h"
 #include "base64.h"
+#include "base/CharacterSet.h"
 #include "getfullhostname.h"
 #include "html_quote.h"
 #include "ip/Address.h"
@@ -215,6 +216,21 @@ xstrtok(char **str, char del)
         return "";
 }
 
+bool
+hostname_check(const char *uri)
+{
+    static CharacterSet hostChars = CharacterSet("host",".:[]_") +
+            CharacterSet::ALPHA + CharacterSet::DIGIT;
+
+    const auto limit = strlen(uri);
+    for (size_t i = 0; i < limit; i++) {
+        if (!hostChars[uri[i]]) {
+              return false;
+        }
+    }
+    return true;
+}
+
 static void
 print_trailer(void)
 {
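Review bot: The allowed set in hostname_check (`".:[]_"` plus ALPHA and DIGIT) has no `-`, so an ordinary name such as proxy-1.example.com (constructed example) would be reported as "Invalid Hostname"; `CharacterSet("host", ".:[]_-")` would accept it. `uri[i]` is a plain `char`, which may be signed, so bytes above 0x7F could reach the lookup as negative values unless the index operator takes an unsigned char (its declaration is not visible here); `hostChars[static_cast<unsigned char>(uri[i])]` makes the intent explicit. The function is not `static`, unlike `print_trailer` just below, and has no comment. I would declare it `static bool` and add a short comment saying that it returns true only when every byte of `uri` is in the host set, and that `uri` must be non-null because of the `strlen` call.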
@@ -807,9 +823,15 @@ process_request(cachemgr_request * req)
     } else if ((S = req->hostname))
         (void) 0;
     else {
-        snprintf(buf, sizeof(buf), "Unknown host: %s\n", req->hostname);
-        error_html(buf);
-        return 1;
+        if (hostname_check(req->hostname)) {
+            snprintf(buf, sizeof(buf), "Unknown Host: %s\n", req->hostname);
+            error_html(buf);
+            return 1;
+        } else {
+            snprintf(buf, sizeof(buf), "%s\n", "Invalid Hostname");
+            error_html(buf);
+            return 1;
+        }
     }
 
     S.port(req->port);
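Review bot: hostname_check() runs only in the final else branch, after `S = req->hostname` has already been evaluated, so it filters what is echoed in the error message rather than what is accepted as a hostname. If req->hostname is also written into other output or used elsewhere in process_request or the form code (not visible in this hunk), it is still unvalidated there; rejecting it where the parameter is first parsed would cover every use. Independently of the allow-list, quoting the value with the helper from the already included html_quote.h, `snprintf(buf, sizeof(buf), "Unknown Host: %s\n", html_quote(req->hostname));`, keeps the message safe if the character set is later widened. The two branches could also share a single `error_html(buf); return 1;`. process_request begins and ends outside the hunk.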