Handle newlines in CHTTPSock::GetParam() and strip them out.

There was a bug in webadmin which allowed any users to write arbitrary strings
to znc.conf by setting e.g. their quit message to:
  Some quit message
  Admin = true
  LoadModule = shell
  </User>
  ISpoofFile = /home/<user>/.ssh/authorited_keys
  ISpoofFormat = <some ssh key>
  <User a>
(The newlines must be sent as newlines to webadmin)

This commit fixes this by stripping all newlines from all the data fields
by default. Since some fields (e.g. CTCPReplies and Servers) do need newlines,
there is a new function CHTTPSock::GetRawParam() which doesn't do the stripping.

Thanks to cnu for finding and reporting this bug.
Thanks to kroimon for patch review.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1395 726aef4b-f618-498e-8847-2d620e286838
psychon
2009-02-24 16:00:11 +00:00
parent 6499609608
commit 21120e2146
3 changed files with 40 additions and 16 deletions


@@ -614,7 +614,7 @@ bool CWebAdminSock::SettingsPage(CString& sPageRet) {
//sArg = GetParam(""); if (!sArg.empty()) { CZNC::Get().Set(sArg); }
VCString vsArgs;
GetParam("motd").Split("\n", vsArgs);
GetRawParam("motd").Split("\n", vsArgs);
CZNC::Get().ClearMotd();
unsigned int a = 0;
@@ -622,7 +622,7 @@ bool CWebAdminSock::SettingsPage(CString& sPageRet) {
CZNC::Get().AddMotd(vsArgs[a].TrimRight_n());
}
GetParam("vhosts").Split("\n", vsArgs);
GetRawParam("vhosts").Split("\n", vsArgs);
CZNC::Get().ClearVHosts();
for (a = 0; a < vsArgs.size(); a++) {
@@ -1044,14 +1044,14 @@ CUser* CWebAdminSock::GetNewUser(CString& sPageRet, CUser* pUser) {
}
VCString vsArgs;
GetParam("servers").Split("\n", vsArgs);
GetRawParam("servers").Split("\n", vsArgs);
unsigned int a = 0;
for (a = 0; a < vsArgs.size(); a++) {
pNewUser->AddServer(vsArgs[a].Trim_n());
}
GetParam("allowedips").Split("\n", vsArgs);
GetRawParam("allowedips").Split("\n", vsArgs);
if (vsArgs.size()) {
for (a = 0; a < vsArgs.size(); a++) {
pNewUser->AddAllowedHost(vsArgs[a].Trim_n());
@@ -1064,7 +1064,7 @@ CUser* CWebAdminSock::GetNewUser(CString& sPageRet, CUser* pUser) {
pNewUser->AddAllowedHost(GetParam("ownip"));
}
GetParam("ctcpreplies").Split("\n", vsArgs);
GetRawParam("ctcpreplies").Split("\n", vsArgs);
for (a = 0; a < vsArgs.size(); a++) {
CString sReply = vsArgs[a].TrimRight_n("\r");
pNewUser->AddCTCPReply(sReply.Token(0).Trim_n(), sReply.Token(1, true).Trim_n());