/[smecontribs]/rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch
ViewVC logotype

Annotation of /rpms/phpki-ng/contribs10/phpki-ng-bz12274-regex-secu.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Wed Dec 14 21:56:02 2022 UTC (23 months, 2 weeks ago) by jpp
Branch: MAIN
CVS Tags: phpki-ng-0_84-16_el7_sme, phpki-ng-0_84-15_el7_sme, HEAD
Changes since 1.1: +0 -118 lines
* Wed Dec 14 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

1 jpp 1.1 diff -Nur --no-dereference phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php phpki-ng/phpki-ng-0.84/ns_revoke_query.php
2     --- phpki-ng.old/phpki-ng-0.84/ns_revoke_query.php 2022-11-18 14:43:19.940000000 -0500
3     +++ phpki-ng/phpki-ng-0.84/ns_revoke_query.php 2022-12-14 16:49:46.524000000 -0500
4     @@ -16,13 +16,16 @@
5     #
6     include('./config.php');
7     include(STORE_DIR.'/config/config.php');
8     -
9     -$serial = escapeshellcmd(trim($_SERVER['QUERY_STRING']));
10     +$serial=trim($_SERVER['QUERY_STRING']);
11     +if ( ! is_numeric($serial) ) {
12     + # if it is not a numerical serial, then it is not revoked!
13     + print '0';
14     + exit;
15     +}
16     +$serial = escapeshellcmd($serial);
17     #header("Content-type: application/x-netscape-revocation");
18    
19     -# old Reg Ex doesnt work, new should do the work
20     -#$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
21     -$regexp = "^R.*$serial.*$";
22     +$regexp = "^R\t.*\t.*\t$serial\t.*\t.*$";
23     $configIndex = $config['index'];
24    
25     if (exec("egrep '$regexp' '$configIndex'")) {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed