webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 08:52:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

proxy.cgi: Correctly validate domain lists

Browse Source 
Fixes: #12925 - JVN#15411362 Inquiry on vulnerability found in IPFire
Reported-by: Noriko Totsuka <vuls@jpcert.or.jp>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2022-09-06 14:15:54 +02:00
committed by Peter Müller
parent 7cb63527d9
commit ba4f53c565
4 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
html/cgi-bin/proxy.cgi
View File

@@ -2506,6 +2506,7 @@ sub check_acls
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOCACHE'} .= $_."\n";
}
}
@@ -2604,6 +2605,7 @@ sub check_acls
if ($_)
{
if (/^\./) { $_ = '*'.$_; }
unless (&General::validwildcarddomainname($_)) { $errormessage = $Lang::tr{'advproxy errmsg invalid url'} . ": " . &Header::escape($_); }
$proxysettings{'DST_NOPROXY_URL'} .= $_."\n";
}
}