[icinga-checkins] icinga.org: icinga-core/rbartels/cgi: classic-ui: fixed Command expansion problem with percentage signs #3929

git at icinga.org git at icinga.org
Sun Apr 7 13:04:21 CEST 2013


Module: icinga-core
Branch: rbartels/cgi
Commit: dc25f2609a01786d462d30c01435c93121e5703b
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=dc25f2609a01786d462d30c01435c93121e5703b

Author: Ricardo Bartels <ricardo at bitchbrothers.com>
Date:   Sun Apr  7 12:58:29 2013 +0200

classic-ui: fixed Command expansion problem with percentage signs #3929

refs: #3929

the CGI's tried to convert everything after a '%' from HEX to ASCII.
Changed this, that only valid HEX characters after a '%' get converted.

whatthecommit: Last time I said it works? I was kidding. Try this.

---

 Changelog    |    1 +
 cgi/getcgi.c |   18 +++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/Changelog b/Changelog
index 0baa831..e88d793 100644
--- a/Changelog
+++ b/Changelog
@@ -66,6 +66,7 @@ FIXES
 * classic ui: fixed segfault when reading malformed log entries #3528 - RB
 * classic ui: "fixed" Incorrect positioning status popup in statusmap #3861 - RB
 * classic ui: fixed possible NULL dereference-bug in summary.c #3740 - RB
+* classic ui: fixed Command expansion problem with percentage signs #3929 - RB
 
 * docs: add missing cmd_mod description in cgi params #3438 - MF
 * docs: search_string as cgi GET param works also for status.cgi #3451 - MF
diff --git a/cgi/getcgi.c b/cgi/getcgi.c
index 94bd0b6..1538a7f 100644
--- a/cgi/getcgi.c
+++ b/cgi/getcgi.c
@@ -109,15 +109,27 @@ void unescape_cgi_input(char *input) {
 	len = strlen(input);
 	for (x = 0, y = 0; x < len; x++, y++) {
 
-		if (input[x] == '\x0')
+		if (input[x] == '\x0') {
 			break;
-		else if (input[x] == '%') {
+
+		// RB 2013-04-07
+		// only allow hex conversion if '%' is follow by a valid character
+		} else if (input[x] == '%' && (
+			// 0 - 9
+			(input[x+1] >= 48 && input[x+1] <= 57) ||
+			// A - F
+			(input[x+1] >= 65 && input[x+1] <= 70) ||
+			// a - f
+			(input[x+1] >= 97 && input[x+1] <= 102))
+			) {
+
 			input[y] = hex_to_char(&input[x+1]);
 			x += 2;
+
 		// RB 2011-09-08
 		// convert plus as well that it can bu used in service and host names
 		} else if (input[x] == '+') {
-				input[y] = ' ';
+			input[y] = ' ';
 		} else
 			input[y] = input[x];
 	}





More information about the icinga-checkins mailing list