[icinga-checkins] icinga.org: icinga-core/master: re-fix xss vulnerability and string escaping for command expansion #1605 #1624
git at icinga.org
git at icinga.org
Thu Jun 9 14:10:51 CEST 2011
Module: icinga-core
Branch: master
Commit: bd1ae152da80b108b0bb4dad98b34666787d8257
URL: https://git.icinga.org/?p=icinga-core.git;a=commit;h=bd1ae152da80b108b0bb4dad98b34666787d8257
Author: Michael Friedrich <michael.friedrich at univie.ac.at>
Date: Wed Jun 8 23:25:49 2011 +0200
re-fix xss vulnerability and string escaping for command expansion #1605 #1624
refs #1605
refs #1624
---
cgi/config.c | 44 ++++++++++++++++++++++----------------------
1 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/cgi/config.c b/cgi/config.c
index 28f277e..dec767a 100644
--- a/cgi/config.c
+++ b/cgi/config.c
@@ -112,7 +112,7 @@ void print_expand_input(int type){
else if (type==DISPLAY_HOSTESCALATIONS){ seldesc=" Escalations for Host"; }
printf("<tr><td align=left class='reportSelectSubTitle'>Show Only%s:</td></tr>\n",seldesc);
printf("<tr><td align=left class='reportSelectItem'><input type='text' name='expand'\n");
- printf("value='%s'>",html_encode(to_expand,FALSE));
+ printf("value='%s'>",escape_string(to_expand));
}
int main(void){
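Review bot: The value returned by `escape_string(to_expand)` on the `+` line is emitted inside a single-quoted attribute (`value='%s'`), so the fix only holds if escape_string() encodes `'` and `&` as well as `<`/`>`; the function is not in this diff, so that should be confirmed rather than assumed, since an unencoded `'` would let the input close the attribute and add event handlers. A one-line comment at the call site would make the contract explicit for the next maintainer: `/* attribute context: escape_string() must encode quotes, not just angle brackets */`. print_expand_input() begins before the hunk.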
@@ -429,7 +429,7 @@ int process_cgivars(void){
error=TRUE;
break;
}
- strncpy(to_expand,escape_string(variables[x]),MAX_COMMAND_BUFFER);
+ strncpy(to_expand,variables[x],MAX_COMMAND_BUFFER);
to_expand[MAX_COMMAND_BUFFER-1]='\0';
}
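Review bot: Storing the raw CGI value in `to_expand` (the `+` line) moves all escaping responsibility to the output sites, which is the right direction because the value is also used to match object names, but it means every printf of `to_expand` or of the `command_args` split from it that is not touched by this commit is now emitted unescaped where it was previously pre-escaped; the remaining uses in config.c should be audited before merge. The `strncpy` plus explicit terminator is fine, though input longer than `MAX_COMMAND_BUFFER-1` is silently truncated. A comment would document the new invariant: `/* stored raw; every HTML sink must wrap it in escape_string() */`. process_cgivars() starts and ends outside the hunk.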
@@ -516,7 +516,7 @@ void display_hosts(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Host%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P><DIV ALIGN=CENTER>\n");
printf("<TABLE BORDER=0 CLASS='data'>\n");
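Review bot: The switch from `html_encode(to_expand,FALSE)` to `escape_string(to_expand)` on the `+` line is not explained anywhere in the hunk, and the same substitution is repeated across a dozen display_* functions, so a reader cannot tell why html_encode() was insufficient. If, as in the Nagios-derived CGIs, html_encode() only encodes angle brackets when a cgi.cfg option allows it while escape_string() encodes unconditionally, that is the whole point of the fix and deserves a comment near the first use, e.g. `/* escape_string() rather than html_encode(): always encodes, independent of cgi.cfg settings */`. display_hosts() begins and ends outside the hunk.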
@@ -1076,7 +1076,7 @@ void display_hostgroups(void){
printf("%sAction URL%s\n",csv_data_enclosure,csv_data_enclosure);
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Host Group%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -1209,7 +1209,7 @@ void display_servicegroups(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Service Group%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -1348,7 +1348,7 @@ void display_contacts(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Contact%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -1629,7 +1629,7 @@ void display_contactgroups(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Contact Group%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -1771,7 +1771,7 @@ void display_services(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Service%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":"s Named or on Host "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":"s Named or on Host "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -2314,7 +2314,7 @@ void display_timeperiods(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Time Period%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -2591,7 +2591,7 @@ void display_commands(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Command%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P><DIV ALIGN=CENTER>\n");
printf("<TABLE BORDER=0 CLASS='data'>\n");
@@ -2664,7 +2664,7 @@ void display_servicedependencies(void){
printf("%sDependency Failure Options%s\n",csv_data_enclosure,csv_data_enclosure);
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Service Dependencie%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":"s Involving Host "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":"s Involving Host "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -2819,7 +2819,7 @@ void display_serviceescalations(void){
printf("%sEscalation Options%s\n",csv_data_enclosure,csv_data_enclosure);
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Service Escalation%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":"s on Host "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":"s on Host "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -3067,7 +3067,7 @@ void display_hostdependencies(void){
printf("%sDependency Failure Options%s\n",csv_data_enclosure,csv_data_enclosure);
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Host Dependencie%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":"s Involving Host "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":"s Involving Host "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -3202,7 +3202,7 @@ void display_hostescalations(void){
printf("%sEscalation Options%s\n",csv_data_enclosure,csv_data_enclosure);
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Host Escalation%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":"s for Host "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":"s for Host "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P>\n");
printf("<DIV ALIGN=CENTER>\n");
@@ -3421,7 +3421,7 @@ void display_modules(void){
printf("\n");
} else {
printf("<P><DIV ALIGN=CENTER CLASS='dataTitle'>Module%s%s</DIV></P>\n",
- (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":html_encode(to_expand,FALSE)));
+ (*to_expand=='\0'?"s":" "),(*to_expand=='\0'?"":escape_string(to_expand)));
printf("<P><DIV ALIGN=CENTER>\n");
printf("<TABLE BORDER=0 CLASS='data'>\n");
@@ -3548,9 +3548,9 @@ void display_command_expansion(void){
if ((*to_expand)!='\0'){
arg_count[0]=0;
- printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",command_args[0]);
+ printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s",escape_string(command_args[0]));
for (i=1;(i<MAX_COMMAND_ARGUMENTS)&&command_args[i];i++)
- printf("!<FONT\n COLOR='%s'>%s</FONT>",hash_color(i),command_args[i]);
+ printf("!<FONT\n COLOR='%s'>%s</FONT>",hash_color(i),escape_string(command_args[i]));
printf("\n</TD></TR>\n");
/* check all commands */
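Review bot: `escape_string()` is now called once per loop iteration on the `+` line inside the `for`, and its return value is never freed; if escape_string() allocates a fresh buffer on each call (as the Nagios-derived cgiutils implementation appears to), this leaks per argument, which is tolerable in a short-lived CGI but worth a note, e.g. `/* escape_string() result is not freed; acceptable for a one-shot CGI */`. If it instead returns a shared static buffer, the opposite caveat applies: never place two escape_string() calls in one printf argument list, which the hunk currently avoids. Note that `command_args[0]` and `command_args[i]` were previously printed raw, so this hunk closes a sink the earlier fix missed. display_command_expansion() begins and ends outside the hunk.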
@@ -3607,7 +3607,7 @@ void display_command_expansion(void){
if (command_args[i]){
if (*(command_args[i])!='\0') printf("<FONT COLOR='%s'><B>%s%s%s</B></FONT>",
hash_color(i),((lead_space[i]>0)||(trail_space[i]>0)?"<U>":""),
- html_encode(command_args[i],FALSE),((lead_space[i]>0)||(trail_space[i]>0)?"</U>":""));
+ escape_string(command_args[i]),((lead_space[i]>0)||(trail_space[i]>0)?"</U>":""));
else printf("<FONT COLOR='#0000FF'>(empty)</FONT>");
}
else printf("<FONT COLOR='#0000FF'>(undefined)</FONT>");
@@ -3632,13 +3632,13 @@ void display_command_expansion(void){
if (arg_count[i]==0){
printf("<TR CLASS='%s'><TD CLASS='%s' ALIGN='right'><FONT COLOR='#FF0000'>unused:</FONT></TD>\n",bg_class,bg_class);
printf("<TD CLASS='%s'>$ARG%u$=<FONT COLOR='%s'>%s%s%s</FONT></TD></TR>\n",bg_class,i,hash_color(i),
- ((lead_space[i]>0)||(trail_space[i]>0)?"<U>":""),html_encode(command_args[i],FALSE),
+ ((lead_space[i]>0)||(trail_space[i]>0)?"<U>":""),escape_string(command_args[i]),
((lead_space[i]>0)||(trail_space[i]>0)?"</U>":""));
}
else if (arg_count[i]>1){
printf("<TR CLASS='%s'><TD CLASS='%s' ALIGN='right'>used %u x:</TD>\n",bg_class,bg_class,i);
printf("<TD CLASS='%s'>$ARG%u$=<FONT COLOR='%s'>%s%s%s</FONT></TD></TR>\n",bg_class,i,hash_color(i),
- ((lead_space[i]>0)||(trail_space[i]>0)?"<U>":""),html_encode(command_args[i],FALSE),
+ ((lead_space[i]>0)||(trail_space[i]>0)?"<U>":""),escape_string(command_args[i]),
((lead_space[i]>0)||(trail_space[i]>0)?"</U>":""));
}
if ((lead_space[i]>0)||(trail_space[i]>0)){
@@ -3673,13 +3673,13 @@ void display_command_expansion(void){
if (!arg_count[0]){
printf("<TR CLASS='dataOdd'><TD CLASS='dataOdd' ALIGN='right'><FONT\n");
printf("COLOR='#FF0000'>Error:</FONT></TD><TD CLASS='dataOdd'><FONT COLOR='#FF0000'>No\n");
- printf("command "%s" found</FONT></TD></TR>\n",html_encode(command_args[0],FALSE));
+ printf("command "%s" found</FONT></TD></TR>\n",escape_string(command_args[0]));
}
}
printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'><FORM\n");
printf("METHOD='GET' ACTION='%s'><INPUT TYPE='HIDDEN' NAME='type' VALUE='command'><INPUT\n",CONFIG_CGI);
- printf("TYPE='text' NAME='expand' SIZE='100%%' VALUE='%s'>\n",html_encode(to_expand,FALSE));
+ printf("TYPE='text' NAME='expand' SIZE='100%%' VALUE='%s'>\n",escape_string(to_expand));
printf("<INPUT TYPE='SUBMIT' VALUE='Go'></FORM></TD></TR>\n");
printf("</TABLE>\n");