[FFmpeg-cvslog] [ffmpeg-fateserver] branch master updated. a39e4d1 fateserver/log: clean chars in slot, time and log

ffmpeg-git at ffmpeg.org
Thu Nov 16 13:35:29 EET 2017


The branch, master has been updated
       via  a39e4d1bee74647f534589b09eaf15246359d6b6 (commit)
       via  254ddcafa7a176cc1fbf1de73ae0db783bb7fd5f (commit)
      from  1428ab7ac1356d95d81d8e729d2d275eb0bc2d0c (commit)


- Log -----------------------------------------------------------------
commit a39e4d1bee74647f534589b09eaf15246359d6b6
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Tue Oct 17 18:02:53 2017 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Tue Oct 17 18:10:38 2017 +0200

    fateserver/log: clean chars in slot, time and log
    
    Fixes: Directory Traversal
    
    Found-by: Pankaj Jadhav <pankajj736 at gmail.com>
    Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

diff --git a/log.cgi b/log.cgi
index d5d2abb..8767e3a 100755
--- a/log.cgi
+++ b/log.cgi
@@ -22,7 +22,11 @@ use FATE;
 
 my $req_slot = param 'slot';
 my $req_time = param 'time';
+$req_slot =~ s/[^-._A-Za-z0-9 ]*//g;
+$req_time =~ s/[^0-9]*//g;
 my ($req_log, $req_diff) = param('log') =~ m!([^/]+)(?:/([^/]+))?!;
+$req_log  =~ s/[^a-z]*//g;
+$req_diff =~ s/[^0-9]*//g;
 
 my $repdir = "$fatedir/$req_slot/$req_time";
 my $log = "$repdir/$req_log.log.gz";
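Review bot: the character class `[^-._A-Za-z0-9 ]` on the new `$req_slot` line still admits `.`, so a slot value made only of dots survives the strip and `"$fatedir/$req_slot/$req_time"` can still resolve to a parent of `$fatedir`; since these values are used verbatim as path components, an anchored allowlist that rejects rather than rewrites is the safer shape, for example `die "bad slot" unless $req_slot =~ /^[A-Za-z0-9][-._A-Za-z0-9 ]*$/;` (and the same for `$req_time` and `$req_log`). Two smaller points on the same hunk: `s///g` silently turns a malformed value into a different, possibly valid, one, whereas refusing the request makes probing visible in the server log; and when the `m!...!` match on `param('log')` fails, `$req_log` and `$req_diff` are `undef`, so the two substitutions that follow warn under `use warnings` and the code later opens `"$repdir/.log.gz"`, so a defined-and-non-empty check before building `$log` would be worth adding.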

commit 254ddcafa7a176cc1fbf1de73ae0db783bb7fd5f
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Mon Oct 16 22:00:11 2017 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Mon Oct 16 22:35:31 2017 +0200

    fateserver/index: clean chars in sort parameter
    
    Prevents cross site scripting attack
    
    Found-by: Pankaj Jadhav <pankajj736 at gmail.com>
    Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

diff --git a/index.cgi b/index.cgi
index 030fb52..a164d3b 100755
--- a/index.cgi
+++ b/index.cgi
@@ -32,6 +32,8 @@ use URI::Escape;
 my @queries = split(/\/\//, uri_unescape param 'query') if (param 'query');
 
 my $sort = param('sort');
+$sort =~ s/[^A-Za-z0-9 ]*//g;
+param('sort', $sort);
 $sort    = $sort eq 'arch' ? 'subarch': $sort;
 
 (my $uri = $ENV{REQUEST_URI}) =~ s/\?.*//;
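Review bot: stripping characters from `$sort` reduces what can be reflected, but the hunk leaves the value unconstrained otherwise; since the next line already compares it against a fixed key (`'arch'`), validating against the set of sort keys the page actually accepts, with a default when the value is unknown, would both close the reflection and prevent arbitrary strings from reaching the sort logic, and the output site should still HTML-escape `$sort` (for example with `CGI::escapeHTML`) since sanitising input does not replace encoding on output. Also, when the `sort` parameter is absent `$sort` is `undef`, so the new `s///` warns under `use warnings`; initialising with an empty string (`my $sort = param('sort') // '';`) before the substitution avoids that, and `param('sort', $sort)` should be noted in a comment as deliberately overwriting the CGI parameter so later readers of `param('sort')` see the cleaned value.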

-----------------------------------------------------------------------

Summary of changes:
 index.cgi | 2 ++
 log.cgi   | 4 ++++
 2 files changed, 6 insertions(+)


hooks/post-receive
-- 