* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a981a365a078f5840b32a76c4ad9aa75111a60f8
@ 2022-09-11 8:13 Peter Müller
From: Peter Müller @ 2022-09-11 8:13 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via a981a365a078f5840b32a76c4ad9aa75111a60f8 (commit)
via ba4f53c56573d51be5e804f70965e82e5b271fd5 (commit)
via 7cb63527d96c4610171feb580c9fcd27c3af26b6 (commit)
from cc826e8628141abce615699a8c10592233dc467c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a981a365a078f5840b32a76c4ad9aa75111a60f8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Sep 11 08:13:27 2022 +0000
Core Update 170: Ship files related to #12925
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ba4f53c56573d51be5e804f70965e82e5b271fd5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Sep 6 14:15:54 2022 +0200
proxy.cgi: Correctly validate domain lists
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls(a)jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7cb63527d96c4610171feb580c9fcd27c3af26b6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Sep 6 13:58:22 2022 +0200
mail.cgi: Validate email recipient
The email recipient was not correctly validated which allowed for some
stored cross-site scripting vulnerability.
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls(a)jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 11 +++++++++++
config/rootfiles/core/170/filelists/files | 3 +++
html/cgi-bin/mail.cgi | 4 ++++
html/cgi-bin/proxy.cgi | 2 ++
langs/de/cgi-bin/de.pl | 2 ++
langs/en/cgi-bin/en.pl | 2 ++
6 files changed, 24 insertions(+)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 16a05cecf..98bedb4b9 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -756,6 +756,17 @@ sub validdomainname
return 1;
}
+sub validwildcarddomainname($) {
+ my $domainname = shift;
+
+ # Ignore any leading dots
+ if ($domainname =~ m/^\*\.(.*)/) {
+ $domainname = $1;
+ }
+
+ return &validdomainname($domainname);
+}
+
sub validfqdn
{
# Checks a fully qualified domain name against RFC1035 and RFC2181
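Review bot: the comment "Ignore any leading dots" in the new validwildcarddomainname helper does not match the code; the regex `m/^\*\.(.*)/` strips a leading `*.`, not leading dots, so reword it to something like "Strip a leading wildcard label (*.)". Note also that only one `*.` prefix is removed: an input such as `*.*.example.org` or a bare `*` is handed on to validdomainname unchanged, so this helper is only as strict as validdomainname's treatment of `*` inside a label, which is not visible in this patch and deserves a unit test.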
diff --git a/config/rootfiles/core/170/filelists/files b/config/rootfiles/core/170/filelists/files
index df8020847..d31e49ad3 100644
--- a/config/rootfiles/core/170/filelists/files
+++ b/config/rootfiles/core/170/filelists/files
@@ -4,7 +4,9 @@ opt/pakfire/pakfire
srv/web/ipfire/cgi-bin/aliases.cgi
srv/web/ipfire/cgi-bin/index.cgi
srv/web/ipfire/cgi-bin/ipblocklist.cgi
+srv/web/ipfire/cgi-bin/mail.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/cgi-bin/vulnerabilities.cgi
@@ -22,6 +24,7 @@ usr/share/terminfo/t/tmux-256color
usr/share/terminfo/t/tmux-direct
var/ipfire/backup/bin/backup.pl
var/ipfire/backup/include
+var/ipfire/general-functions.pl
var/ipfire/ipblocklist-functions.pl
var/ipfire/menu.d/50-firewall.menu
var/ipfire/menu.d/70-log.menu
diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi
index 4ebc6b033..34f52ae01 100644
--- a/html/cgi-bin/mail.cgi
+++ b/html/cgi-bin/mail.cgi
@@ -283,6 +283,10 @@ sub checkmailsettings {
$errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>";
}
}
+ # Check for a valid recipient
+ if (!&General::validemail($cgiparams{'txt_recipient'})) {
+ $errormessage .= $Lang::tr{'email recipient invalid'} . "<br>";
+ }
return $errormessage;
}
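Review bot: unless General::validemail accepts an empty string, this check also turns an empty txt_recipient into a hard error, which changes behaviour for setups that saved the mail page without a recipient before; confirm that is intended or guard the check with a presence test. Separately, validating on save fixes the injection point but does nothing for a recipient value that was stored before this update; escaping txt_recipient wherever it is rendered (the way proxy.cgi uses &Header::escape in this same series) would close the stored XSS for existing configurations as well.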
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 0111a240b..577d37b93 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -2506,6 +2506,7 @@ sub check_acls
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
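Review bot: after the validwildcarddomainname check fails, the loop still runs `$proxysettings{'DST_NOCACHE'} .= $_."\n";`, so the rejected entry is written into the setting unless the caller discards all settings whenever $errormessage is set; add a `next;` after assigning the error so invalid entries never reach the stored list. Also, `$errormessage = ...` assigns rather than appends, so when several entries are invalid only the last one is reported; use `.=` as mail.cgi does in this same series, or stop at the first failure.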
@@ -2604,6 +2605,7 @@ sub check_acls
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
+ unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
}
}
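Review bot: same two points as in the DST_NOCACHE hunk above, the invalid entry is still appended to `$proxysettings{'DST_NOPROXY_URL'}` after the error is set, and the error string overwrites any earlier one. Since the added line is a verbatim copy of the one in the previous hunk, factor the validation (check, escape, record error, skip entry) into one small helper in check_acls so both lists share a single validation path and a future fix only has to be made once.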
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index d3b4c8687..cf31b9171 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -301,6 +301,7 @@
'advproxy errmsg invalid proxy port' => 'Ungültiger Proxyport',
'advproxy errmsg invalid upstream proxy' => 'Ungültige IP/Hostname für vorgelagerten Proxy',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Ungültiger Benutzername oder ungültiges Kennwort für vorgelagerten Proxy',
+'advproxy errmsg invalid url' => 'Ungültige URL',
'advproxy errmsg invalid user' => 'Benutzername existiert nicht',
'advproxy errmsg ldap base dn' => 'LDAP Base DN erforderlich',
'advproxy errmsg ldap bind dn' => 'LDAP Bind DN Benutzername und Passwort erforderlich',
@@ -963,6 +964,7 @@
'email mailrcpt' => 'E-Mail-Empfänger',
'email mailsender' => 'E-Mail-Absender',
'email mailuser' => 'Benutzername',
+'email recipient invalid' => 'Ungültiger Emailempfänger',
'email server can not be empty' => 'E-Mail-Server darf nicht leer sein',
'email settings' => 'Mailversand',
'email subject' => 'IPFire Test-E-Mail',
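Review bot: the new German string 'Ungültiger Emailempfänger' is inconsistent with the existing 'E-Mail-Empfänger' spelling four lines above in the same hunk; use 'Ungültiger E-Mail-Empfänger' so the error text matches the field label it refers to.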
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 36f97de38..11ba10f8f 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -298,6 +298,7 @@
'advproxy errmsg invalid proxy port' => 'Invalid proxy port',
'advproxy errmsg invalid upstream proxy' => 'Invalid upstream proxy IP/hostname',
'advproxy errmsg invalid upstream proxy username or password setting' => 'Invalid upstream proxy username or password setting',
+'advproxy errmsg invalid url' => 'Invalid URL',
'advproxy errmsg invalid user' => 'Username does not exist',
'advproxy errmsg ldap base dn' => 'LDAP base DN required',
'advproxy errmsg ldap bind dn' => 'LDAP bind DN username and password required',
@@ -1004,6 +1005,7 @@
'email mailrcpt' => 'Mail Recipient',
'email mailsender' => 'Mail Sender',
'email mailuser' => 'Username',
+'email recipient invalid' => 'Invalid email recipient',
'email server can not be empty' => 'E-mail server can not be empty',
'email settings' => 'Mail Service',
'email subject' => 'IPFire Test Mail',
hooks/post-receive
--
IPFire 2.x development tree