proxy.cgi: Correctly validate domain lists

Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire Reported-by: Noriko Totsuka <vuls@jpcert.or.jp> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 11:13:24 +02:00 · 2022-09-06 14:15:54 +02:00
parent 7cb63527d9
commit ba4f53c565
4 changed files with 15 additions and 0 deletions
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -756,6 +756,17 @@ sub validdomainname
 	return 1;
 }

+sub validwildcarddomainname($) {
+	my $domainname = shift;
+
+	# Ignore any leading dots
+	if ($domainname =~ m/^\*\.(.*)/) {
+		$domainname = $1;
+	}
+
+	return &validdomainname($domainname);
+}
+
 sub validfqdn
 {
 	# Checks a fully qualified domain name against RFC1035 and RFC2181