* [PATCH 1/2] dns.cgi: Fix for XSS potential
@ 2025-10-02 11:10 Adolf Belka
2025-10-02 11:10 ` [PATCH 2/2] firewall.cgi: Fixes " Adolf Belka
0 siblings, 1 reply; 2+ messages in thread
From: Adolf Belka @ 2025-10-02 11:10 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- Related to CVE-2025-50976
- Fixes NAMESERVER & REMARK
- TLS_HOSTNAME was already fixed in a previous patch
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/dns.cgi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 883c7efb6..29a46d4b6 100644
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -775,9 +775,9 @@ sub show_add_edit_nameserver() {
# Check if an ID has been given.
if ($cgiparams{'ID'}) {
# Assign cgiparams values.
- $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
+ $cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
$cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
- $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
+ $cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
}
} else {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
--
2.51.0
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH 2/2] firewall.cgi: Fixes XSS potential
2025-10-02 11:10 [PATCH 1/2] dns.cgi: Fix for XSS potential Adolf Belka
@ 2025-10-02 11:10 ` Adolf Belka
0 siblings, 0 replies; 2+ messages in thread
From: Adolf Belka @ 2025-10-02 11:10 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- Related to CVE-2025-50975
- Fixes PROT
- ruleremark was already escaped when firewall.cgi was initially merged back in Core
Update 77.
- SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as
ports or port ranges.
- std_net_tgt is a string defined in the code and not a variable
- The variable key ignores any input that is not a digit and subsequently uses the next
free rulenumber digit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/firewall.cgi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 5f1eac09e..20e6a95e4 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2013 Alexander Marx <amarx@ipfire.org> #
+# Copyright (C) 2013-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -2351,6 +2351,7 @@ sub saverule
$fwdfwsettings{'ruleremark'}=~ s/,/;/g;
utf8::decode($fwdfwsettings{'ruleremark'});
$fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'});
+ $fwdfwsettings{'PROT'}=&Header::escape($fwdfwsettings{'PROT'});
if ($fwdfwsettings{'updatefwrule'} ne 'on'){
my $key = &General::findhasharraykey ($hash);
$$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'};
--
2.51.0
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-10-02 11:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-02 11:10 [PATCH 1/2] dns.cgi: Fix for XSS potential Adolf Belka
2025-10-02 11:10 ` [PATCH 2/2] firewall.cgi: Fixes " Adolf Belka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox