authorstilez <stilez@users.noreply.github.com>2016-09-15 10:50:31 +0100
committerRenato Botelho <renato@netgate.com>2016-12-30 09:53:50 -0200
commiteb4e0aa0a90bad362abfacea512fbdf3bee5cbe1 (patch)
tree480b5387e9b6ff7d895c18e2bbf7964ca0683a3c /src/usr/local/www/firewall_rules_edit.php
parent73c57bf4acde871fcbdc3f218600dbf3509c9e94 (diff)
Improve icmptype input sanitising
(cherry picked from commit 0e782e9f576aee02d4e2e5147e24bc5def261355)
Diffstat (limited to 'src/usr/local/www/firewall_rules_edit.php')
-rw-r--r--src/usr/local/www/firewall_rules_edit.php35
1 files changed, 22 insertions, 13 deletions
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php
index 8146aa0..715b5c9 100644
--- a/src/usr/local/www/firewall_rules_edit.php
+++ b/src/usr/local/www/firewall_rules_edit.php
@@ -612,21 +612,30 @@ if ($_POST) {
}
if ($_POST['proto'] == "icmp") {
- $t = $_POST['icmptype'];
- $bad_types = array();
- if (is_array($t) && ((count($t) == 1 && !isset($t['any'])) || count($t) > 1)) {
- // Only need to check valid if just one selected != "any", or >1 selected
- $p = $_POST['ipprotocol'];
- foreach ($t as $type) {
- if ( ($p == 'inet' && !array_key_exists($type, $icmptypes4)) ||
- ($p == 'inet6' && !array_key_exists($type, $icmptypes6)) ||
- ($p == 'inet46' && !array_key_exists($type, $icmptypes46))) {
- $bad_types[] = $type;
+ $t =& $_POST['icmptype'];
+ if (isset($t) && !is_array($t)) {
+ // shouldn't happen but avoids making assumptions for data-sanitising
+ $input_errors[] = gettext("ICMP types expected to be a list if present, but is not.");
+ } elseif (!isset($t) || count($t) == 0) {
+ // not specified or none selected
+ unset($_POST['icmptype']);
+ } else {
+ // check data
+ $bad_types = array();
+ if ((count($t) == 1 && !isset($t['any'])) || count($t) > 1) {
+ // Only need to check valid if just one selected != "any", or >1 selected
+ $p = $_POST['ipprotocol'];
+ foreach ($t as $type) {
+ if ( ($p == 'inet' && !array_key_exists($type, $icmptypes4)) ||
+ ($p == 'inet6' && !array_key_exists($type, $icmptypes6)) ||
+ ($p == 'inet46' && !array_key_exists($type, $icmptypes46))) {
+ $bad_types[] = $type;
+ }
}
}
- }
- if (count($bad_types) > 0) {
- $input_errors[] = sprintf(gettext("Invalid ICMP subtype: %s can not be used with %s."), implode(';', $bad_types), $t['name']);
+ if (count($bad_types) > 0) {
+ $input_errors[] = sprintf(gettext("Invalid ICMP subtype: %s can not be used with %s."), implode(';', $bad_types), $t['name']);
+ }
}
} else {
unset($_POST['icmptype']); // field not applicable, might hold junk from old hidden selections. Unset it.
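Review bot: The per-element check in the `foreach ($t as $type)` loop fails open: when `$_POST['ipprotocol']` is none of `inet`, `inet6` or `inet46`, no branch of the condition matches and every submitted type is accepted. Unless `ipprotocol` is validated earlier (not visible in this hunk), the condition should reject that case too, for example by starting it with `!is_string($type) ||` and ending it with `|| !in_array($p, array('inet', 'inet6', 'inet46'), true)`. The `is_string` guard also keeps a nested array element from reaching `array_key_exists()` and `implode()` as a non-scalar. Separately, `$t['name']` in the error message indexes the submitted type list rather than anything naming the IP protocol, so the second `%s` is probably empty, and `isset($t['any'])` tests a key while the loop treats the array's values as the type names, which looks inconsistent. The enclosing `if ($_POST)` block starts and ends outside the hunk.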