From: Stefan Schantl
Date: Mon, 27 Oct 2014 19:16:42 +0000 (+0100)
Subject: guardian.cgi: Fix and improve input validation.
X-Git-Tag: v2.19-core104~8^2~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96655fa6b7712d586d9ce6a11e7b2f2c47ea2c7d;p=ipfire-2.x.git

guardian.cgi: Fix and improve input validation.

Signed-off-by: Stefan Schantl
---

diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index aacdfca990..e65f4c7d05 100644
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -80,27 +80,27 @@ my $pid = @pid[0];
 #
 if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 # Check for valid blocktime.
- if (! $settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) {
+ unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) {
 $errormessage = "$Lang::tr{'guardian invalid blocktime'}";
 }
 # Check if the bloccount is valid.
- if (! $settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) {
+ unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) {
 $errormessage = "$Lang::tr{'guardian invalid blockcount'}";
 }
 # Check Logfile.
- if (! $settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
+ unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
 $errormessage = "$Lang::tr{'guardian invalid logfile'}";
 }
 # Check input for snort alert file.
- if (! $settings{'GUARDIAN_SNORT_ALERTFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
+ unless($settings{'GUARDIAN_SNORT_ALERTFILE'} =~ /^[a-zA-Z0-9\.\/]+$/) {
 $errormessage = "$Lang::tr{'guardian invalid alertfile'}";
 }
 # Only continue if no error message has been set.
- if ($errormessage eq '') {
+ if($errormessage eq '') {
 # Write configuration settings to file.
 &General::writehash("${General::swroot}/guardian/settings", \%settings);
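Review bot: The GUARDIAN_LOGFILE and GUARDIAN_SNORT_ALERTFILE checks accept any string made of letters, digits, `.` and `/`, so a relative path or one containing `..` segments still passes and is stored by `General::writehash`. How the daemon later opens these paths is not visible in this hunk, but a CGI-supplied file location should be an absolute path with no parent-directory segments, e.g. match `m{\A/[a-zA-Z0-9./]+\z}` and additionally reject values matching `m{\.\.}`. All four patterns end in `$`, which in Perl also matches before a trailing newline, so `\z` is the stricter anchor for values that go into a line-based settings file. The numeric checks compare against the string `"0"`, so `00` is still accepted for blocktime and blockcount; `/\A[1-9]\d*\z/` rejects every all-zero value. The enclosing `if ($settings{'ACTION'} ...)` block continues past the end of the hunk.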