fixed to correctly sanitize the input string in the built-in HTTP server, which led to a number of security vulnerabilities. #30

This commit is contained in:
Jordi Sanfeliu 2013-11-21 10:08:19 +01:00
parent 4cad2ed428
commit ff80441be7
2 changed files with 13 additions and 2 deletions


@ -1,3 +1,9 @@
3.3.1 - 21-Nov-2013
====================
- Fixed to correctly sanitize the input string in the built-in HTTP server
which led a number of security vulnerabilities. [#30]
3.3.0 - 12-Aug-2013 3.3.0 - 12-Aug-2013
==================== ====================
- Added a complete statistical Wowza Media Server graph. - Added a complete statistical Wowza Media Server graph.


@ -148,6 +148,7 @@ sub handle_request {
my $target; my $target;
my $target_cgi; my $target_cgi;
my @data; my @data;
my $OK_CHARS='-a-zA-Z0-9_./'; # a restrictive list of valid chars
return if fork(); # parent returns return if fork(); # parent returns
@ -192,8 +193,12 @@ sub handle_request {
} }
($mimetype) = ($target =~ m/.*\.(html|cgi|png)$/); ($mimetype) = ($target =~ m/.*\.(html|cgi|png)$/);
$target =~ s/^\///; # removes leading slash $target =~ s/^\/*//; # removes leading slashes
$target_cgi =~ s/^\///; # removes leading slash $target_cgi =~ s/^\/*//; # removes leading slashes
$target =~ s/[^$OK_CHARS]/_/go; # only $OK_CHARS are allowed
$target_cgi =~ s/[^$OK_CHARS]/_/go; # only $OK_CHARS are allowed
if($target_cgi eq "monitorix.cgi") { if($target_cgi eq "monitorix.cgi") {
chdir("cgi"); chdir("cgi");
open(EXEC, "./$target_cgi |"); open(EXEC, "./$target_cgi |");
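Review bot: The character whitelist applied to `$target` and `$target_cgi` still admits `.` and `/`, so a request path made of `../` segments passes the new `s/[^$OK_CHARS]/_/go` lines unchanged; if `$target` is later used to open a file under the document root (that use is outside the hunk), parent-directory traversal is not prevented by this commit. A follow-up step after the whitelist would neutralize such segments, e.g. `$target =~ s{(?:\A|/)\.\.(?=/|\z)}{_}g;` and the same for `$target_cgi`. The `/o` modifier is safe only because `$OK_CHARS` is never reassigned, and the leading `-` in its value is literal only because it is the first character of the class; a comment such as `# keep '-' first: it is literal there, a range elsewhere` on the `my $OK_CHARS` line would protect both assumptions. handle_request begins before the first hunk and continues past this one.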