This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  a981a365a078f5840b32a76c4ad9aa75111a60f8 (commit)
       via  ba4f53c56573d51be5e804f70965e82e5b271fd5 (commit)
       via  7cb63527d96c4610171feb580c9fcd27c3af26b6 (commit)
      from  cc826e8628141abce615699a8c10592233dc467c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit a981a365a078f5840b32a76c4ad9aa75111a60f8
Author: Peter Müller peter.mueller@ipfire.org
Date:   Sun Sep 11 08:13:27 2022 +0000
Core Update 170: Ship files related to #12925
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ba4f53c56573d51be5e804f70965e82e5b271fd5
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Sep 6 14:15:54 2022 +0200
proxy.cgi: Correctly validate domain lists
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka vuls@jpcert.or.jp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7cb63527d96c4610171feb580c9fcd27c3af26b6
Author: Michael Tremer michael.tremer@ipfire.org
Date:   Tue Sep 6 13:58:22 2022 +0200
mail.cgi: Validate email recipient
The email recipient was not correctly validated which allowed for some stored cross-site scripting vulnerability.
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka vuls@jpcert.or.jp
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/cfgroot/general-functions.pl       | 11 +++++++++++
 config/rootfiles/core/170/filelists/files |  3 +++
 html/cgi-bin/mail.cgi                     |  4 ++++
 html/cgi-bin/proxy.cgi                    |  2 ++
 langs/de/cgi-bin/de.pl                    |  2 ++
 langs/en/cgi-bin/en.pl                    |  2 ++
 6 files changed, 24 insertions(+)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 16a05cecf..98bedb4b9 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -756,6 +756,17 @@ sub validdomainname return 1; }
+sub validwildcarddomainname($) { + my $domainname = shift; + + # Ignore any leading dots + if ($domainname =~ m/^*.(.*)/) { + $domainname = $1; + } + + return &validdomainname($domainname); +} + sub validfqdn { # Checks a fully qualified domain name against RFC1035 and RFC2181 diff --git a/config/rootfiles/core/170/filelists/files b/config/rootfiles/core/170/filelists/files index df8020847..d31e49ad3 100644 --- a/config/rootfiles/core/170/filelists/files +++ b/config/rootfiles/core/170/filelists/files @@ -4,7 +4,9 @@ opt/pakfire/pakfire srv/web/ipfire/cgi-bin/aliases.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ipblocklist.cgi +srv/web/ipfire/cgi-bin/mail.cgi srv/web/ipfire/cgi-bin/pakfire.cgi +srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/services.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/cgi-bin/vulnerabilities.cgi @@ -22,6 +24,7 @@ usr/share/terminfo/t/tmux-256color usr/share/terminfo/t/tmux-direct var/ipfire/backup/bin/backup.pl var/ipfire/backup/include +var/ipfire/general-functions.pl var/ipfire/ipblocklist-functions.pl var/ipfire/menu.d/50-firewall.menu var/ipfire/menu.d/70-log.menu diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index 4ebc6b033..34f52ae01 100644 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -283,6 +283,10 @@ sub checkmailsettings { $errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>"; } } + # Check for a valid recipient + if (!&General::validemail($cgiparams{'txt_recipient'})) { + $errormessage .= $Lang::tr{'email recipient invalid'} . "<br>"; + } return $errormessage; }
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 0111a240b..577d37b93 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2506,6 +2506,7 @@ sub check_acls if ($_) { if (/^./) { $_ = '*'.$_; } + unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); } $proxysettings{'DST_NOCACHE'} .= $_."\n"; } } @@ -2604,6 +2605,7 @@ sub check_acls if ($_) { if (/^./) { $_ = '*'.$_; } + unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); } $proxysettings{'DST_NOPROXY_URL'} .= $_."\n"; } } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index d3b4c8687..cf31b9171 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -301,6 +301,7 @@ 'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport', 'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy', +'advproxy errmsg invalid url' => 'Ungültige URL', 'advproxy errmsg invalid user' => 'Benutzername existiert nicht', 'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich', 'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich', @@ -963,6 +964,7 @@ 'email mailrcpt' => 'E-Mail-Empfänger', 'email mailsender' => 'E-Mail-Absender', 'email mailuser' => 'Benutzername', +'email recipient invalid' => 'Ungültiger Emailempfänger', 'email server can not be empty' => 'E-Mail-Server darf nicht leer sein', 'email settings' => 'Mailversand', 'email subject' => 'IPFire Test-E-Mail', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 36f97de38..11ba10f8f 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -298,6 +298,7 @@ 'advproxy errmsg invalid proxy port' => 'Invalid proxy port', 'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname', 'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting', +'advproxy errmsg invalid url' => 'Invalid URL', 'advproxy errmsg invalid user' => 'Username does not exist', 'advproxy errmsg ldap base dn' => 'LDAP base DN required', 'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required', @@ -1004,6 +1005,7 @@ 'email mailrcpt' => 'Mail Recipient', 'email mailsender' => 'Mail Sender', 'email mailuser' => 'Username', +'email recipient invalid' => 'Invalid email recipient', 'email server can not be empty' => 'E-mail server can not be empty', 'email settings' => 'Mail Service', 'email subject' => 'IPFire Test Mail',
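Review bot: In the validwildcarddomainname hunk of general-functions.pl, the pattern `m/^*.(.*)/` as it appears in this mail has neither the `*` nor the `.` escaped, so it does not match a literal `*.` prefix: `^*` is a quantifier applied to an anchor (Perl warns about this) and the unescaped `.` matches any single character, so `$1` is simply the input with its first character dropped (for `*.example.com` that leaves `.example.com`, which then has to survive validdomainname). If the backslashes were lost in transit, disregard; otherwise it should read `m/^\*\.(.*)/`. The comment "Ignore any leading dots" also does not describe what the code strips (a `*.` prefix), so please reword it.

Review bot: The filelist hunk for core/170 adds mail.cgi, proxy.cgi and general-functions.pl, but this series also changes langs/de/cgi-bin/de.pl and langs/en/cgi-bin/en.pl (see the diffstat) and neither is listed here; please confirm the language files reach updated systems through another mechanism in this core update, since the new 'advproxy errmsg invalid url' and 'email recipient invalid' keys would otherwise show up as missing strings on the web UI.

Review bot: In the checkmailsettings hunk of mail.cgi, the new recipient check introduces a fresh language key 'email recipient invalid' instead of following the pattern used a few lines above for the sender, `$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}`; the key 'email mailrcpt' already exists in both language files, so `$Lang::tr{'email invalid'} $Lang::tr{'email mailrcpt'}` would avoid a new string to translate and keep the two messages consistent. Not echoing the rejected value back into the error message is the right call here.

Review bot: In the first check_acls hunk of proxy.cgi (DST_NOCACHE), `$errormessage = ...` assigns rather than appends, so when several entries in the list are invalid only the last one is reported, and the invalid entry is still appended to `$proxysettings{'DST_NOCACHE'}` on the following line; that is only safe if every caller refuses to write the settings whenever `$errormessage` is set, which the hunk does not show. Consider `$errormessage .= ... . "<br>";` and skipping the append for a rejected entry. Passing the rejected value through `&Header::escape` before it lands in the error page is the correct fix for the reported stored XSS.

Review bot: The second check_acls hunk (DST_NOPROXY_URL) repeats the validation line of the DST_NOCACHE hunk verbatim, including the same assign-instead-of-append behaviour; both lists go through the identical `if ($_) { if (/^./) { $_ = '*'.$_; } ... }` block, so factoring the prefix handling plus `validwildcarddomainname` check into one helper would keep the two code paths from drifting apart.

Review bot: In the de.pl hunk, 'Ungültiger Emailempfänger' does not follow the spelling used by the neighbouring entries ('E-Mail-Empfänger', 'E-Mail-Absender'); 'Ungültiger E-Mail-Empfänger' would be consistent with them.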
hooks/post-receive -- IPFire 2.x development tree