proxy.cgi: Correctly validate domain lists

Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 16a05cecf23b01d890f98490dc441edf67a0cccd..98bedb4b91ca9e6151fff421bc34a910080c3cee 100644 (file)
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -756,6 +756,17 @@ sub validdomainname
        return 1;
 }
 
+sub validwildcarddomainname($) {
+       my $domainname = shift;
+
+       # Ignore any leading dots
+       if ($domainname =~ m/^\*\.(.*)/) {
+               $domainname = $1;
+       }
+
+       return &validdomainname($domainname);
+}
+
 sub validfqdn
 {
        # Checks a fully qualified domain name against RFC1035 and RFC2181

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 0111a240b6a07408a8f36fa7e2c52a7a948d7a65..577d37b93dae68d188e124e1d00048f411be60e1 100644 (file)
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2506,6 +2506,7 @@ sub check_acls
                if ($_)
                {
                        if (/^\./) { $_ = '*'.$_; }
+                       unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
                        $proxysettings{'DST_NOCACHE'} .= $_."\n";
                }
        }
@@ -2604,6 +2605,7 @@ sub check_acls
                        if ($_)
                        {
                                        if (/^\./) { $_ = '*'.$_; }
+                                       unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
                                        $proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
                        }
        }

diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 0dbc9071879a0eddca2987b10fe3a3dc588373a8..cf31b91715b3b0fecc534b2e74f56eaee113eccc 100644 (file)
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -301,6 +301,7 @@
 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
 'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
+'advproxy errmsg invalid url' => 'Ungültige URL',
 'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
 'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
 'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 7de75ad3cfe9124ecf9fef45182968e683edba8c..11ba10f8fd234289d423c7425d369cf4ed062569 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -298,6 +298,7 @@
 'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
 'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid url' => 'Invalid URL',
 'advproxy errmsg invalid user' => 'Username does not exist',
 'advproxy errmsg ldap base dn' => 'LDAP base DN required',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',