From c87f4b709261187cb5e76accde933404d81868f2 Mon Sep 17 00:00:00 2001
From: Ermal
Date: Wed, 30 Jan 2013 10:57:00 +0000
Subject: Fixes #1928. Disallow sync loop only for certain types of calls but not for exec_[php|shell]. Also fix CARP loop detection to use correct variable
---
 usr/local/www/xmlrpc.php | 36 +++++++++++++++++++++++++++---------
 1 file changed, 27 insertions(+), 9 deletions(-)
(limited to 'usr/local/www')
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 1dda1ad..af58f67 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -44,16 +44,18 @@ require("xmlrpc_server.inc");
 require("xmlrpc.inc");
 require("array_intersect_key.inc");
-/* grab sync to ip if enabled */
-if ($config['hasync']) {
- $synchronizetoip = $hasync['synchronizetoip'];
-}
-
-if($synchronizetoip) {
- if($synchronizetoip == $_SERVER['REMOTE_ADDR']) {
- log_error(gettext("Disallowing CARP sync loop."));
- die;
+function xmlrpc_loop_detect() {
+ global $config;
+
+ /* grab sync to ip if enabled */
+ if ($config['hasync'])
+ $synchronizetoip = $config['hasync']['synchronizetoip'];
+ if($synchronizetoip) {
+ if($synchronizetoip == $_SERVER['REMOTE_ADDR'])
+ return true;
 }
+
+ return false;
 }
 $xmlrpc_g = array(
@@ -138,6 +140,9 @@ $backup_config_section_sig = array(
 function backup_config_section_xmlrpc($raw_params) {
 global $config, $xmlrpc_g;
+ if (xmlrpc_loop_detect())
+ log_error("Disallowing CARP sync loop");
+
 $params = xmlrpc_params_to_php($raw_params);
 if(!xmlrpc_auth($params)) {
 xmlrpc_authfail();
@@ -161,6 +166,9 @@ $restore_config_section_sig = array(
 function restore_config_section_xmlrpc($raw_params) {
 global $config, $xmlrpc_g;
+ if (xmlrpc_loop_detect())
+ log_error("Disallowing CARP sync loop");
+
 $params = xmlrpc_params_to_php($raw_params);
 if(!xmlrpc_auth($params)) {
 xmlrpc_authfail();
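Review bot: In xmlrpc_loop_detect() the variable `$synchronizetoip` is only assigned inside `if ($config['hasync'])`, so on a box where HA sync is not configured the following `if($synchronizetoip)` reads an undefined variable on every XML-RPC call (and `$config['hasync']['synchronizetoip']` itself may be unset even when the `hasync` branch is taken). Initialise it unconditionally and drop the outer `if`: `$synchronizetoip = isset($config['hasync']['synchronizetoip']) ? $config['hasync']['synchronizetoip'] : '';`. The helper also needs a header comment now that its name alone has to carry the contract, e.g. `/* Returns true when the peer address of this request equals our own configured sync-to IP, i.e. the remote is syncing back to us; callers decide how to react. */`. Note that the removed top-level version `die`d on a match, whereas this helper only reports, so every caller is now responsible for aborting.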
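Review bot: In backup_config_section_xmlrpc() a detected loop is only logged and execution falls through to `xmlrpc_params_to_php()` and the rest of the handler, so the looped request is still served; the removed top-level check `die`d instead, and the commit subject says the loop is disallowed for these calls. The check needs an early exit, `if (xmlrpc_loop_detect()) { log_error("Disallowing CARP sync loop"); return ...; }`, returning the same fault value the auth-failure branch returns below (that `return` lies outside the hunk, so I cannot quote it). Since the check runs before `xmlrpc_auth()`, any unauthenticated request from the configured sync address now produces a log line; probably acceptable, but worth being aware of. The handler body continues past the end of the hunk.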
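Review bot: In restore_config_section_xmlrpc() this is a verbatim copy of the two-line check that every other handler in the patch also carries, and along the way the message lost the `gettext()` wrapper the removed top-level version had (`"Disallowing CARP sync loop."`), so it is no longer translatable. Moving the `log_error(gettext("Disallowing CARP sync loop."));` call into xmlrpc_loop_detect() just before `return true;` would shrink each call site to the `if` and keep the text in one place. Of the five handlers this one presumably matters most, since a restore that is allowed to proceed is what keeps a sync loop alive — confirm against the body, which continues outside the hunk.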
@@ -278,6 +286,9 @@ $merge_config_section_sig = array(
 function merge_installedpackages_section_xmlrpc($raw_params) {
 global $config, $xmlrpc_g;
+ if (xmlrpc_loop_detect())
+ log_error("Disallowing CARP sync loop");
+
 $params = xmlrpc_params_to_php($raw_params);
 if(!xmlrpc_auth($params)) {
 xmlrpc_authfail();
@@ -302,6 +313,10 @@ $merge_config_section_sig = array(
 function merge_config_section_xmlrpc($raw_params) {
 global $config, $xmlrpc_g;
+
+ if (xmlrpc_loop_detect())
+ log_error("Disallowing CARP sync loop");
+
 $params = xmlrpc_params_to_php($raw_params);
 if(!xmlrpc_auth($params)) {
 xmlrpc_authfail();
@@ -356,6 +371,9 @@ $carp_configure_sig = array(
 function interfaces_carp_configure_xmlrpc($raw_params) {
 global $xmlrpc_g;
+ if (xmlrpc_loop_detect())
+ log_error("Disallowing CARP sync loop");
+
 $params = xmlrpc_params_to_php($raw_params);
 if(!xmlrpc_auth($params)) {
 xmlrpc_authfail();
-- 
cgit v1.1
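Review bot: merge_config_section_xmlrpc() gets an extra empty `+` line between `global $config, $xmlrpc_g;` and the loop check that none of the other four call sites in this patch have; drop it so the five handlers read identically. More importantly, here as elsewhere the detected loop is only logged and the merge still runs, so the `if` needs an early `return` of the handler's fault value to actually disallow the call rather than annotate it. The function body continues past the end of the hunk.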