/[smecontribs]/rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch
ViewVC logotype

Contents of /rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Wed Dec 14 21:56:02 2022 UTC (23 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: phpki-ng-0_84-16_el7_sme, phpki-ng-0_84-15_el7_sme, HEAD
Changes since 1.1: +0 -118 lines
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

1 diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php phpki-ng/phpki-ng-0.84/ns_revoke_query.php
2 --- phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php 2022-11-18 14:43:19.940000000 -0500
3 +++ phpki-ng/phpki-ng-0.84/ns_revoke_query.php 2022-12-14 16:49:46.524000000 -0500
4 @@ -16,13 +16,16 @@
5 #
6 include('./config.php');
7 include(STORE_DIR.'/config/config.php');
8 -
9 -$serial = escapeshellcmd(trim($_SERVER['QUERY_STRING']));
10 +$serial=trim($_SERVER['QUERY_STRING']);
11 +if ( ! is_numeric($serial) ) {
12 + # if it is not a numerical serial, then it is not revoked!
13 + print '0';
14 + exit;
15 +}
16 +$serial = escapeshellcmd($serial);
17 #header("Content-type: application/x-netscape-revocation");
18
19 -# old Reg Ex doesnt work, new should do the work
20 -#$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
21 -$regexp = "^R.*$serial.*$";
22 +$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
23 $configIndex = $config['index'];
24
25 if (exec("egrep '$regexp' '$configIndex'")) {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed