From ba4f53c56573d51be5e804f70965e82e5b271fd5 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 6 Sep 2022 14:15:54 +0200
Subject: [PATCH] proxy.cgi: Correctly validate domain lists
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka
Signed-off-by: Michael Tremer
---
config/cfgroot/general-functions.pl | 11 +++++++++++
html/cgi-bin/proxy.cgi | 2 ++
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
4 files changed, 15 insertions(+)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 16a05cecf2..98bedb4b91 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -756,6 +756,17 @@ sub validdomainname
 return 1;
 }
+sub validwildcarddomainname($) {
+ my $domainname = shift;
+
+ # Ignore any leading dots
+ if ($domainname =~ m/^\*\.(.*)/) {
+ $domainname = $1;
+ }
+
+ return &validdomainname($domainname);
+}
+
 sub validfqdn
 {
 # Checks a fully qualified domain name against RFC1035 and RFC2181
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 0111a240b6..577d37b93d 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2506,6 +2506,7 @@ sub check_acls
 if ($_)
 {
 if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
 $proxysettings{'DST_NOCACHE'} .= $_."\n";
 }
 }
@@ -2604,6 +2605,7 @@ sub check_acls
 if ($_)
 {
 if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
 $proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
 }
 }
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 0dbc907187..cf31b91715 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
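Review bot: The capture in `m/^\*\.(.*)/` stops at the first newline, so if the argument ever carries an embedded newline only the text before it is handed to validdomainname while the caller keeps and stores the full string; whether proxy.cgi's splitting can let such a value through is not visible here, but stripping the prefix with a substitution removes the question entirely: `$domainname =~ s/\A\*\.//;` in place of the if block. The comment `# Ignore any leading dots` describes the caller's `.foo` to `*.foo` rewrite rather than what this regex does; I would write `# Strip a leading "*." so a wildcard entry is checked as a plain domain name`. The `($)` prototype does no argument validation and is bypassed by the `&General::...` call style used in proxy.cgi, so it is better dropped to match `sub validdomainname`. What validdomainname itself accepts lies outside the hunk, so the strength of the resulting check cannot be judged from this diff.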
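Review bot: After the added `unless` records the error, the following context line still appends the rejected entry to `$proxysettings{'DST_NOCACHE'}`; check_acls continues beyond the hunk, so unless later code discards `%proxysettings` whenever `$errormessage` is set, the invalid value is stored regardless. Skipping the entry keeps the hunk self-contained, assuming this `if ($_)` sits inside the per-entry loop: `unless (&General::validwildcarddomainname($_)) {` / `$errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); next;` / `}`. The second hunk at 2604 (`DST_NOPROXY_URL`) has the same shape and the same gap. Each failing entry also overwrites `$errormessage`, so only the last invalid domain is reported to the user. Stylistically the added statement is one ~140-character line, whereas the surrounding block puts the condition, assignment and closing brace on separate lines.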
@@ -301,6 +301,7 @@
 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
 'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
+'advproxy errmsg invalid url' => 'Ungültige URL',
 'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
 'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
 'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 7de75ad3cf..11ba10f8fd 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -298,6 +298,7 @@
 'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
 'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid url' => 'Invalid URL',
 'advproxy errmsg invalid user' => 'Username does not exist',
 'advproxy errmsg ldap base dn' => 'LDAP base DN required',
 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
--
2.39.2