author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:28:35 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 09:28:35 -0300 |
commit | ee4ba9fba1f9d49396f3a4882a3239a83c5036d6 (patch) | |
tree | bf2075dc8414a097c9c1b936890db4743e691eee /usr/local | |
parent | 54a9da9fceff7e5d2524bd30d31c2756dd46f357 (diff) | |
Be more careful with the host parameter and make sure it is escaped when calling shell functions
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/diag_dns.php | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php
index 98271d1..0c41824 100644
--- a/usr/local/www/diag_dns.php
+++ b/usr/local/www/diag_dns.php
@@ -38,16 +38,17 @@ require("guiconfig.inc");
 if ($_GET['host']) $_POST = $_GET;
-if($_GET['createalias'] == "true") {
- $host = trim($_POST['host']);
+$host = trim($_POST['host'], " \t\n\r\0\x0B[];\"'");
+$host_esc = escapeshellarg($host);
+
+if($_GET['createalias'] == "true" && (is_hostname($host) || is_ipaddr($host))) {
 if($_GET['override']) $override = true;
 $a_aliases = &$config['aliases']['alias'];
 $type = "hostname";
 $resolved = gethostbyname($host);
 if($resolved) {
- $host = trim($_POST['host']);
- $dig=`dig "$host" A | grep "$host" | grep -v ";" | awk '{ print $5 }'`;
+ $dig=`dig "{$host_esc}" A | grep "{$host_esc}" | grep -v ";" | awk '{ print $5 }'`;
 $resolved = explode("\n", $dig);
 $isfirst = true;
 foreach($resolved as $re) {
@@ -93,8 +94,6 @@ if ($_POST) {
 $reqdfieldsn = explode(",", "Host");
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- $host = trim($_POST['host'], " \t\n\r\0\x0B[]");
- $host_esc = escapeshellarg($host);
 if (!is_hostname($host) && !is_ipaddr($host)) {
 $input_errors[] = gettext("Host must be a valid hostname or IP address.");
@@ -130,7 +129,7 @@ if ($_POST) {
 $type = "hostname";
 $resolved = gethostbyname($host);
 if($resolved) {
- $dig=`dig $host_esc A | grep $host_esc | grep -v ";" | awk '{ print $5 }'`;
+ $dig=`dig {$host_esc} A | grep {$host_esc} | grep -v ";" | awk '{ print $5 }'`;
 $resolved = explode("\n", $dig);
 }
 $hostname = $host; |
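Review bot: In the first hunk the new command wraps `{$host_esc}` in double quotes (`dig "{$host_esc}" A | grep "{$host_esc}"`), which undoes what `escapeshellarg()` provides. The single quotes it adds become literal characters inside the double-quoted word, so dig and grep receive the name with quote characters attached, and `$`, backticks and backslashes in the value would again be interpreted by the shell. The `is_hostname()`/`is_ipaddr()` test added to the `if` presumably keeps such characters out, but the command should not depend on that; drop the double quotes, as the third hunk already does. grep also reads the host as a regular expression in both the first and third hunks, so a literal match is safer: `` $dig=`dig {$host_esc} A | grep -F -- {$host_esc} | grep -v ";" | awk '{ print $5 }'`; ``. The `if` block this line sits in continues past the end of the hunk.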