source@mandoc.bsd.lv
 help / color / Atom feed
* cvsweb: similar to rev.
@ 2019-11-09  9:41 schwarze
  0 siblings, 0 replies; 2+ messages in thread
From: schwarze @ 2019-11-09  9:41 UTC (permalink / raw)
  To: source

Log Message:
-----------
similar to rev. 3.119.2.18:
bump VERSION to 3.1

Modified Files:
--------------
    cvsweb:
        cvsweb.cgi

Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.7
retrieving revision 4.8
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.7 -r4.8
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -113,7 +113,7 @@ use constant HAS_EDIFF    => eval { requ
 
 BEGIN
 {
-  $VERSION = '3.0.6';
+  $VERSION = '3.1';
 
   $HTML_DOCTYPE =
     '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ' .
--
 To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv

^ permalink raw reply	[flat|nested] 2+ messages in thread

* cvsweb: similar to rev.
@ 2019-11-09 10:06 schwarze
  0 siblings, 0 replies; 2+ messages in thread
From: schwarze @ 2019-11-09 10:06 UTC (permalink / raw)
  To: source

Log Message:
-----------
similar to rev. 3.119.2.22:
Fix the QUERY_STRING parts of the XSS vulnerabilities found by Ezio Paglia
in a more robust way: do very strict whitelist-based input validation on
the characters occurring in the QUERY_STRING, such that everything
stored in the %input hash table is safe in the first place without
requiring any kind of escaping later.  When finding unexpected characters
in the QUERY_STRING, it is safest to simply error out fatal()ly.

Modified Files:
--------------
    cvsweb:
        cvsweb.cgi

Revision Data
-------------
Index: cvsweb.cgi
===================================================================
RCS file: /home/cvs/mandoc/cvsweb/cvsweb.cgi,v
retrieving revision 4.8
retrieving revision 4.9
diff -Lcvsweb.cgi -Lcvsweb.cgi -u -p -r4.8 -r4.9
--- cvsweb.cgi
+++ cvsweb.cgi
@@ -358,9 +358,17 @@ if (defined($ENV{QUERY_STRING})) {
     $p =~ y/+/ /;
     my ($key, $val) = split(/=/, $p, 2);
     next unless defined($key);
-    $val = 1 unless defined($val);
-    ($key = uri_unescape($key)) =~ /[[:graph:]]/ or next;
-    ($val = uri_unescape($val)) =~ /[[:graph:]]/ or next;
+    $key = uri_unescape($key);
+    $key =~ /([^a-z_12-])/ and fatal('404 Not Found',
+      'Invalid character "%s" in query parameter "%s"', $1, $key);
+    if (defined $val) {
+      $val = uri_unescape($val);
+      $val =~ /([^a-zA-Z_01-9.\/-])/ and fatal('404 Not Found',
+        'Invalid character "%s" in the value "%s" of the query parameter "%s"',
+        $1, $value, $key);
+    } else {
+      $val = 1;
+    }
     $query{$key} = $val;
   }
 }
--
 To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-09  9:41 cvsweb: similar to rev schwarze
2019-11-09 10:06 schwarze

source@mandoc.bsd.lv

Archives are clonable: git clone --mirror http://inbox.vuxu.org/mandoc-source

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.mandoc.source


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git