From: Kees Monshouwer <mind04@monshouwer.org>
Date: Wed, 20 Nov 2013 19:54:10 +0000 (+0100)
Subject: validate webserver parameters
X-Git-Tag: rec-3.6.0-rc1~335^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1113%2Fhead;p=thirdparty%2Fpdns.git

validate webserver parameters
---

diff --git a/pdns/statbag.cc b/pdns/statbag.cc
index e4cc283fa7..40a98d3f22 100644
--- a/pdns/statbag.cc
+++ b/pdns/statbag.cc
@@ -302,4 +302,7 @@ vector<string>StatBag::listRings()
   return ret;
 }
 
-
+bool StatBag::ringExists(const string &name)
+{
+  return d_rings.count(name);
+}
diff --git a/pdns/statbag.hh b/pdns/statbag.hh
index ca7af1a640..4baabbd8e0 100644
--- a/pdns/statbag.hh
+++ b/pdns/statbag.hh
@@ -86,6 +86,7 @@ public:
   }
 
   vector<string>listRings();
+  bool ringExists(const string &name);
   void resetRing(const string &name);
   void resizeRing(const string &name, unsigned int newsize);
   unsigned int getRingSize(const string &name);
diff --git a/pdns/ws.cc b/pdns/ws.cc
index 8346f3e9f8..533f663373 100644
--- a/pdns/ws.cc
+++ b/pdns/ws.cc
@@ -187,14 +187,17 @@ string StatWebServer::makePercentage(const double& val)
 
 void StatWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
 {
-  if(!req->parameters["resetring"].empty()){
-    S.resetRing(req->parameters["resetring"]);
+  if(!req->parameters["resetring"].empty()) {
+    if (S.ringExists(req->parameters["resetring"]))
+      S.resetRing(req->parameters["resetring"]);
     resp->status = 301;
     resp->headers["Location"] = "/";
     return;
   }
   if(!req->parameters["resizering"].empty()){
-    S.resizeRing(req->parameters["resizering"], atoi(req->parameters["size"].c_str()));
+    int size=atoi(req->parameters["size"].c_str());
+    if (S.ringExists(req->parameters["resizering"]) && size > 0 && size <= 500000)
+      S.resizeRing(req->parameters["resizering"], atoi(req->parameters["size"].c_str()));
     resp->status = 301;
     resp->headers["Location"] = "/";
     return;