Mirrors
/
aredn
mirror of https://github.com/aredn/aredn.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bugfix: read_postdata() accepts files when not expected 

Correct read_postdata() to only accept files from pages that are
specifically designed to accept files.

This should be limited to authenticated pages only.

SCS-2017-001

Change-Id: Ic40f19a88e543d83a8097abcd4e7254ccea90f49
This commit is contained in:
Conrad Lara - KG6JEI 2017-01-24 20:06:43 -08:00 committed by KG6JEI
parent 8e08363414
commit 24a3243215
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/www/cgi-bin/admin
View File

@ -57,7 +57,7 @@ sub firmware_list_gen
$debug = 0; $debug = 0;
$| = 1; $| = 1;
read_postdata(); read_postdata({acceptfile => true});
reboot_page("/cgi-bin/status") if $parms{button_reboot}; reboot_page("/cgi-bin/status") if $parms{button_reboot};
read_query_string(); read_query_string();
$node = nvram_get("node"); $node = nvram_get("node");

3
files/www/cgi-bin/perlfunc.pm
View File

@ -166,6 +166,7 @@ sub fgets
# (from STDIN in method=post form) # (from STDIN in method=post form)
sub read_postdata sub read_postdata
{ {
my ($pdc) = @_;
if ( $ENV{REQUEST_METHOD} != "POST" || !$ENV{CONTENT_LENGTH}){ return; }; if ( $ENV{REQUEST_METHOD} != "POST" || !$ENV{CONTENT_LENGTH}){ return; };
my ($line, $parm, $file, $handle, $tmp); my ($line, $parm, $file, $handle, $tmp);
my $state = "boundary"; my $state = "boundary";
@ -188,7 +189,7 @@ sub read_postdata
if(($parm, $file) = $line =~ /^$prefix name="(\w+)"; filename="(.*)"$/) if(($parm, $file) = $line =~ /^$prefix name="(\w+)"; filename="(.*)"$/)
{ # file upload { # file upload
$parms{$parm} = $file; $parms{$parm} = $file;
if($file) { $state = "ctype" } if($file && $pdc->{acceptfile}) { $state = "ctype" }
else { $state = "boundary" } else { $state = "boundary" }
} }
elsif(($parm) = $line =~ /^$prefix name="(\w+)"$/) elsif(($parm) = $line =~ /^$prefix name="(\w+)"$/)