webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

dns.cgi: Fixes bug 13892 XSS potential

Browse Source 
commit f34349dd754c6cdb29058b603028a7155ebfa830
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Oct 2 13:10:14 2025 +0200

    dns.cgi: Fix for XSS potential

    - Related to CVE-2025-50976
    - Fixes NAMESERVER & REMARK
    - TLS_HOSTNAME was already fixed in a previous patch

    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit db042629c0cae5b78eeddb8a9db8783c557138b0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Sep 25 17:29:35 2025 +0200

    dns.cgi: Validate the TLS hostname irregardless of TLS being used

    That way, we won't have to perform escaping later on and can rely on
    having a valid value.

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 98616a36c00b7fc845995c5cc4d8e301e58a20a7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:50 2025 +0200

    dns.cgi: Fixes bug 13892

    Fixes: bug 13892 - dns.cgi TLS_HOSTNAME Stored Cross-Site Scripting
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2025-10-03 18:23:26 +00:00
parent 0e302b1efc
commit a8dc9235f1
1 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
html/cgi-bin/dns.cgi
View File

@@ -127,18 +127,20 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
$errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
}
# Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
elsif($settings{'PROTO'} eq "TLS") {
unless($cgiparams{"TLS_HOSTNAME"}) {
$errormessage = "$Lang::tr{'dns no tls hostname given'}";
} else {
# Check if the provided domain is valid.
unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
$errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
}
# Check if the provided hostname is valid
if ($cgiparams{'TLS_HOSTNAME'} ne "") {
unless (&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
$errormessage = "$Lang::tr{'invalid ip or hostname'}: " . &Header::escape($cgiparams{'TLS_HOSTNAME'});
}
}
# Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
if ($settings{'PROTO'} eq "TLS") {
unless ($cgiparams{"TLS_HOSTNAME"}) {
$errormessage = "$Lang::tr{'dns no tls hostname given'}";
}
}
# Go further if there was no error.
if ( ! $errormessage) {
# Check if a remark has been entered.
@@ -773,9 +775,9 @@ sub show_add_edit_nameserver() {
# Check if an ID has been given.
if ($cgiparams{'ID'}) {
# Assign cgiparams values.
$cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
$cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
$cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
$cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
$cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
}
} else {
&Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});