/[smecontribs]/rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch
ViewVC logotype

Annotation of /rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Dec 14 21:52:40 2022 UTC (22 months, 3 weeks ago) by jpp
Branch: MAIN
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

1 jpp 1.1 diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/dl_crl.php phpki-ng/phpki-ng-0.84/dl_crl.php
2     --- phpki-ng.old/phpki-ng-0.84/dl_crl.php 1969-12-31 19:00:00.000000000 -0500
3     +++ phpki-ng/phpki-ng-0.84/dl_crl.php 2022-12-14 16:49:13.501000000 -0500
4     @@ -0,0 +1,8 @@
5     +<?php
6     +include('./config.php');
7     +include(STORE_DIR.'/config/config.php');
8     +include('./include/common.php');
9     +include('./include/my_functions.php');
10     +include('./include/openssl_functions.php');
11     +upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl');
12     +?>
13     diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php phpki-ng/phpki-ng-0.84/include/openssl_functions.php
14     --- phpki-ng.old/phpki-ng-0.84/include/openssl_functions.php 2022-11-18 14:43:19.957000000 -0500
15     +++ phpki-ng/phpki-ng-0.84/include/openssl_functions.php 2022-12-14 16:49:13.502000000 -0500
16     @@ -601,7 +601,7 @@
17     $cmd_output[] = 'Revoking the certificate.';
18     $configCa_pwd = $config['ca_pwd'];
19     $configOpenssl_cnf = $config['openssl_cnf'];
20     - exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:$configCa_pwd 2>&1", $cmd_output, $ret);
21     + exec(CA." -config $configOpenssl_cnf -revoke ".escshellarg($certfile)." -passin pass:'$configCa_pwd' 2>&1", $cmd_output, $ret);
22    
23     if ($ret == 0) {
24     unset($cmd_output);
25     @@ -652,7 +652,7 @@
26     $cmd_output[] = 'Creating certificate request.';
27    
28     if (($_passwd) && ($_passwd != "''")) {
29     - exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:$_passwd 2>&1", $cmd_output, $ret);
30     + exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
31     } else {
32     exec(REQ." -new -newkey rsa:$keysize -keyout '$userkey' -out '$userreq' -config '$cnf_file' -days '$expiry_days' -nodes 2>&1", $cmd_output, $ret);
33     }
34     @@ -681,8 +681,8 @@
35     $configRandom = $config['random'];
36    
37     if (($_passwd) && ($_passwd != "''")) {
38     - $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
39     - exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
40     + $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'";
41     + exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
42     } else {
43     $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx";
44     // reetp - this needs looking at
45     @@ -823,8 +823,8 @@
46     unset($cmd_output);
47     $cmd_output[] = "Creating PKCS12 format certificate.";
48     if (($_passwd) && ($_passwd != "''")) {
49     - $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass: $_passwd";
50     - exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:$_passwd -passout pass:$_passwd 2>&1", $cmd_output, $ret);
51     + $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx pass:'$_passwd'";
52     + exec(PKCS12." -export -in '$usercert' -inkey '$userkey' -certfile '$configCacert_pem' -caname '$configOrganization' -out '$userpfx' -name $friendly_name -rand '$configRandom' -passin pass:'$_passwd' -passout pass:'$_passwd' 2>&1", $cmd_output, $ret);
53     } else {
54     $cmd_output[] = "infile: $usercert keyfile: $userkey outfile: $userpfx";
55     // reetp - this needs looking at
56     diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php phpki-ng/phpki-ng-0.84/ns_revoke_query.php
57     --- phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php 2022-11-18 14:43:19.940000000 -0500
58     +++ phpki-ng/phpki-ng-0.84/ns_revoke_query.php 2022-12-14 16:49:46.524000000 -0500
59     @@ -16,13 +16,16 @@
60     #
61     include('./config.php');
62     include(STORE_DIR.'/config/config.php');
63     -
64     -$serial = escapeshellcmd(trim($_SERVER['QUERY_STRING']));
65     +$serial=trim($_SERVER['QUERY_STRING']);
66     +if ( ! is_numeric($serial) ) {
67     + # if it is not a numerical serial, then it is not revoked!
68     + print '0';
69     + exit;
70     +}
71     +$serial = escapeshellcmd($serial);
72     #header("Content-type: application/x-netscape-revocation");
73    
74     -# old Reg Ex doesnt work, new should do the work
75     -#$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
76     -$regexp = "^R.*$serial.*$";
77     +$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
78     $configIndex = $config['index'];
79    
80     if (exec("egrep '$regexp' '$configIndex'")) {
81     diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/openssl.cnf phpki-ng/phpki-ng-0.84/openssl.cnf
82     --- phpki-ng.old/phpki-ng-0.84/openssl.cnf 2020-04-02 08:22:47.000000000 -0400
83     +++ phpki-ng/phpki-ng-0.84/openssl.cnf 2022-12-14 16:49:13.502000000 -0500
84     @@ -60,7 +60,7 @@
85     nsCertType = sslCA, emailCA, objCA
86     subjectKeyIdentifier = hash
87     subjectAltName = email:copy
88     -crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
89     +crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
90     nsComment = "PHPki/OpenSSL Generated Root Certificate Authority"
91     #nsCaRevocationUrl = ns_revoke_query.php?
92     nsCaPolicyUrl = http://www.somewhere.com/phpki/policy.html
93     @@ -74,7 +74,7 @@
94     authorityKeyIdentifier = keyid:always, issuer:always
95     subjectAltName = email:copy
96     issuerAltName = issuer:copy
97     -crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
98     +crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
99     nsComment = "PHPki/OpenSSL Generated Personal Certificate"
100     nsBaseUrl = http://www.somewhere.com/phpki/
101     nsRevocationUrl = ns_revoke_query.php?
102     @@ -91,7 +91,7 @@
103     authorityKeyIdentifier = keyid:always, issuer:always
104     subjectAltName = email:copy
105     issuerAltName = issuer:copy
106     -crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
107     +crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
108     nsComment = "PHPki/OpenSSL Generated Personal Certificate"
109     nsBaseUrl = http://www.somewhere.com/phpki/
110     nsRevocationUrl = ns_revoke_query.php?
111     @@ -109,7 +109,7 @@
112     authorityKeyIdentifier = keyid:always, issuer:always
113     subjectAltName = email:copy
114     issuerAltName = issuer:copy
115     -crlDistributionPoints = URI:http://www.somewhere.com/phpki/index.php?stage=dl_crl
116     +crlDistributionPoints = URI:http://www.somewhere.com/phpki/dl_crl.php
117     nsComment = "PHPki/OpenSSL Generated Secure Server Certificate"
118     nsBaseUrl = http://www.somewhere.com/phpki/
119     nsRevocationUrl = ns_revoke_query.php?
120     diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/search.php phpki-ng/phpki-ng-0.84/search.php
121     --- phpki-ng.old/phpki-ng-0.84/search.php 2022-11-18 14:43:19.942000000 -0500
122     +++ phpki-ng/phpki-ng-0.84/search.php 2022-12-14 16:49:13.468000000 -0500
123     @@ -102,7 +102,7 @@
124     <td><?php echo htvar($rec['unit'])?></td>
125     <td><?php echo htvar($rec['locality'])?></td>
126     <td><?php echo htvar($rec['province'])?></td>
127     - <td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?> ?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a>
128     + <td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a>
129     <?php
130     if ($rec['status'] != 'Revoked') {
131     ?>
132     diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/setup.php-presetup phpki-ng/phpki-ng-0.84/setup.php-presetup
133     --- phpki-ng.old/phpki-ng-0.84/setup.php-presetup 2022-11-18 14:43:19.973000000 -0500
134     +++ phpki-ng/phpki-ng-0.84/setup.php-presetup 2022-12-14 16:49:13.502000000 -0500
135     @@ -887,7 +887,7 @@
136     }
137    
138     if (! $crl_distrib) {
139     - $crl_distrib = 'index.php?stage=dl_crl';
140     + $crl_distrib = 'dl_crl.php';
141     }
142     if (! $revoke_url) {
143     $revoke_url = 'ns_revoke_query.php?';

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed