From 4286b4199657210ad8e8355e04e39b7862e7693a Mon Sep 17 00:00:00 2001 From: thierry Date: Thu, 2 Nov 2006 09:22:26 +0000 Subject: - Fix patch-awstats.pl-security.orig; - Take maintainership. PR: ports/104784 Submitted by: Alex Samorukov Security: VuXML ID e86fbb5f-0d04-11da-bc08-0001020eed82 --- www/awstats/Makefile | 8 +-- www/awstats/files/patch-awstats.pl-security | 91 +++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 www/awstats/files/patch-awstats.pl-security (limited to 'www/awstats') diff --git a/www/awstats/Makefile b/www/awstats/Makefile index 04456a6..1f9af8d 100644 --- a/www/awstats/Makefile +++ b/www/awstats/Makefile @@ -7,19 +7,15 @@ PORTNAME= awstats PORTVERSION= 6.5 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= samm@os2.kiev.ua COMMENT= Free real-time logfile analyzer to get advanced web statistics -FORBIDDEN= Command Injection Vulnerability -DEPRECATED= ${FORBIDDEN} -EXPIRATION_DATE=2006-12-01 - RUN_DEPENDS= ${SITE_PERL}/Net/XWhois.pm:${PORTSDIR}/net/p5-Net-XWhois NO_BUILD= yes diff --git a/www/awstats/files/patch-awstats.pl-security b/www/awstats/files/patch-awstats.pl-security new file mode 100644 index 0000000..668e4c0 --- /dev/null +++ b/www/awstats/files/patch-awstats.pl-security @@ -0,0 +1,91 @@ +--- wwwroot/cgi-bin/awstats.pl Wed Oct 25 09:05:29 2006 ++++ wwwroot/cgi-bin/awstats.pl Wed Oct 25 09:02:30 2006 +@@ -1131,7 +1131,18 @@ + my $configdir=shift; + my @PossibleConfigDir=(); + +- if ($configdir) { @PossibleConfigDir=("$configdir"); } ++ if ($configdir) ++ { ++ # If from CGI, overwriting of configdir is only possible if AWSTATS_ENABLE_CONFIG_DIR defined ++ #if ($ENV{'GATEWAY_INTERFACE'} && ! $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) ++ #{ ++ # error("Sorry, to allow overwriting of configdir parameter from an AWStats CGI usage, environment variable AWSTATS_ENABLE_CONFIG_DIR must be set to 1"); ++ #} ++ #else ++ #{ ++ @PossibleConfigDir=("$configdir"); ++ #} ++ } + else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); } + + # Open config file +@@ -4439,6 +4450,7 @@ + my $stringtoclean=shift; + $stringtoclean =~ s//>/g; ++ $stringtoclean =~ s/|//g; + return $stringtoclean; + } + +@@ -5534,7 +5546,7 @@ + $QueryString =~ s/&/&/g; + } + +- $QueryString = CleanFromCSSA($QueryString); ++ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString)); + + # Security test + if ($QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); } +@@ -5542,26 +5554,26 @@ + # No update but report by default when run from a browser + $UpdateStats=($QueryString=~/update=1/i?1:0); + +- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&DecodeEncodedString("$1"); } +- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); } +- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); } +- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); } +- # All filters +- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter +- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } # +- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter +- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } # +- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter +- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } # ++ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); } ++ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; } ++ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); } ++ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); } ++ # All filters ++ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter ++ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } # ++ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with urlfilter=filter ++ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } # ++ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter ++ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } # + # All output +- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed +- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed +- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed +- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed ++ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed ++ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed ++ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed ++ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed + + # If migrate + if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) { +- $MigrateStats=&DecodeEncodedString("$2"); ++ $MigrateStats=&Sanitize("$2"); + $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/; + $SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file + } +@@ -5625,8 +5637,6 @@ + if ($QueryString =~ /(^|&|&)databasebreak=(\w+)/i) { $DatabaseBreak=$2; } + if ($QueryString =~ /(^|&|&)updatefor=(\d+)/i) { $UpdateFor=$2; } + if ($QueryString =~ /(^|&|&)noloadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } } +-#Removed for security reasons +-#if ($QueryString =~ /(^|&|&)loadplugin=([^&]+)/i) { foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } } + if ($QueryString =~ /(^|&|&)limitflush=(\d+)/i) { $LIMITFLUSH=$2; } + # Get/Define output + if ($QueryString =~ /(^|&|&)output(=[^&]*|)(.*)(&|&)output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); } -- cgit v1.1