summaryrefslogtreecommitdiffstats
path: root/usr/local/www/diag_dns.php
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-06-17 09:28:35 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-06-17 09:31:37 -0300
commit76c4ff0ecf269272aad3a6f06942596d2f0ab9ff (patch)
tree7cb7230821fdd015881f272526812fea0b93dbc7 /usr/local/www/diag_dns.php
parent65f815dd9fec2c7c290c7ff82f86ca8ab77f8035 (diff)
downloadpfsense-76c4ff0ecf269272aad3a6f06942596d2f0ab9ff.zip
pfsense-76c4ff0ecf269272aad3a6f06942596d2f0ab9ff.tar.gz
Be more careful with host parameter and make sure it's escaped when call shell functions
Diffstat (limited to 'usr/local/www/diag_dns.php')
-rw-r--r--usr/local/www/diag_dns.php13
1 files changed, 6 insertions, 7 deletions
diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php
index fcdd330..bec923a 100644
--- a/usr/local/www/diag_dns.php
+++ b/usr/local/www/diag_dns.php
@@ -38,16 +38,17 @@ require("guiconfig.inc");
if ($_GET['host'])
$_POST = $_GET;
-if($_GET['createalias'] == "true") {
- $host = trim($_POST['host']);
+$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'");
+$host_esc = escapeshellarg($host);
+
+if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) {
if($_GET['override'])
$override = true;
$a_aliases = &$config['aliases']['alias'];
$type = "hostname";
$resolved = gethostbyname($host);
if($resolved) {
- $host = trim($_POST['host']);
- $drill=`/usr/bin/drill "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`;
+ $drill=`/usr/bin/drill "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`;
$resolved = explode("\n", $drill);
$isfirst = true;
foreach($resolved as $re) {
@@ -93,8 +94,6 @@ if ($_POST) {
$reqdfieldsn = explode(",", "Host");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
- $host = trim($_POST['host'], " \t\n\r\0\x0B[]");
- $host_esc = escapeshellarg($host);
if (!is_hostname($host) && !is_ipaddr($host)) {
$input_errors[] = gettext("Host must be a valid hostname or IP address.");
@@ -130,7 +129,7 @@ if ($_POST) {
$type = "hostname";
$resolved = gethostbyname($host);
if($resolved) {
- $drill=`/usr/bin/drill $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`;
+ $drill=`/usr/bin/drill {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`;
$resolved = explode("\n", $drill);
}
$hostname = $host;
OpenPOWER on IntegriCloud