Fix security issue related to unsanitized rcs version strings:
* Added sanitize_revision() * Do not install SourceChecker.* * Add ~ & ` to shell_escape() Bug #39284 r=timeless
This commit is contained in:
Родитель
6ab1ce036f
Коммит
6653ecac41
@ -89,10 +89,24 @@ sub url_encode3 {
|
|||
# Quotify a string, suitable for invoking a shell process
|
||||
sub shell_escape {
|
||||
my ($file) = @_;
|
||||
$file =~ s/([ \"\'\?\$\&\|\!<>\(\)\[\]\;\:])/\\$1/g;
|
||||
$file =~ s/([ \"\'\`\~\?\$\&\|\!<>\(\)\[\]\;\:])/\\$1/g;
|
||||
return $file;
|
||||
}
|
||||
|
||||
# Make sure CVS revisions are in a specific format
|
||||
sub sanitize_revision {
|
||||
my ($rev) = @_;
|
||||
print STDERR "Testing: |$rev|\n";
|
||||
if ($rev =~ /^[A-Za-z]+/) {
|
||||
$rev =~ s/^([\w-]+).*/$1/;
|
||||
} elsif ($rev =~ /^\d+\.\d+/) {
|
||||
$rev =~ s/^(\d+[\.\d+]+).*/$1/;
|
||||
} elsif (defined($rev) && $rev ne "") {
|
||||
$rev = "1.1";
|
||||
}
|
||||
return $rev;
|
||||
}
|
||||
|
||||
##
|
||||
## Routines to generate html as part of Bonsai
|
||||
##
|
||||
|
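Review bot: The two truncating substitutions in sanitize_revision, `s/^([\w-]+).*/$1/` and `s/^(\d+[\.\d+]+).*/$1/`, leave anything after an embedded newline untouched because `.*` stops at a newline without `/s`, and the character class `[\.\d+]` also admits a literal `+`, so the returned value is not confined to a tag name or a dotted revision number as the comment above the sub promises. The `print STDERR "Testing: |$rev|\n"` line is debugging output that writes every revision argument to the server error log on each request and should not ship. Matching an anchored pattern and returning the capture fixes both, and also moves the `defined` test ahead of the regex matches, which currently run against an undefined value first whenever the parameter is absent. The rewrite below keeps the existing fallbacks: an undefined or empty value is returned unchanged and anything unrecognised becomes "1.1".
```perl
# Make sure CVS revisions are in a specific format
sub sanitize_revision {
    my ($rev) = @_;
    return $rev unless defined($rev) && $rev ne "";
    # Symbolic tag or branch: a letter first, then word characters or '-'.
    return $1 if $rev =~ /\A([A-Za-z][\w-]*)/;
    # Numeric revision: dotted groups of digits only.
    return $1 if $rev =~ /\A(\d+(?:\.\d+)+)/;
    return "1.1";
}
```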
|
|
@ -41,8 +41,6 @@ RCSDIFF=@RCSDIFF@
|
|||
CVSGRAPH=@CVSGRAPH@
|
||||
|
||||
FILES = CGI.pl \
|
||||
SourceChecker.cgi \
|
||||
SourceChecker.pm \
|
||||
addcheckin.pl \
|
||||
admin.cgi \
|
||||
adminfuncs.pl \
|
||||
|
|
|
@ -76,13 +76,6 @@ accreted wildly. There is probably quite a lot of dead code in here.
|
|||
Makefile.in: "make install" lets you specify where you store
|
||||
perl and bonsai on your system.
|
||||
|
||||
SourceChecker.cgi scc wrote to help sanitize code. DELETE
|
||||
Called by: nobody
|
||||
|
||||
SourceChecker.pm Called by:
|
||||
SourceChecker.cgi
|
||||
cvsblame.cgi when passed sanitize=<dictionary>
|
||||
|
||||
addcheckin.pl Perl. Add a checkin to a Bonsai hook. Determines
|
||||
if the tree was open or closed at the time, shunts
|
||||
checkin to proper tree.
|
||||
|
|
|
@ -54,7 +54,6 @@ sub sillyness {
|
|||
|
||||
require 'CGI.pl';
|
||||
require 'cvsblame.pl';
|
||||
use SourceChecker;
|
||||
|
||||
# Cope with the cookie and print the header, first thing. That way, if
|
||||
# any errors result, they will show up for the user.
|
||||
|
@ -73,15 +72,6 @@ my $SubHead = '';
|
|||
|
||||
my @src_roots = getRepositoryList();
|
||||
|
||||
# Init sanitiazation source checker
|
||||
#
|
||||
my $sanitization_dictionary = $::FORM{sanitize};
|
||||
my $opt_sanitize = defined $sanitization_dictionary;
|
||||
if ( $opt_sanitize )
|
||||
{
|
||||
dbmopen %SourceChecker::token_dictionary, "$sanitization_dictionary", 0664;
|
||||
}
|
||||
|
||||
# Init byrd's 'feature' to allow html in comments
|
||||
#
|
||||
my $opt_html_comments = &html_comments_init();
|
||||
|
@ -107,7 +97,8 @@ my $url_file_tail = url_quote($file_tail);
|
|||
# Handle the "rev" argument
|
||||
#
|
||||
$::opt_rev = '';
|
||||
$::opt_rev = $::FORM{rev} if defined $::FORM{rev} and $::FORM{rev} ne 'HEAD';
|
||||
$::opt_rev = sanitize_revision($::FORM{rev}) if
|
||||
defined $::FORM{rev} and $::FORM{rev} ne 'HEAD';
|
||||
my $revstr = '';
|
||||
$revstr = "&rev=$::opt_rev" unless $::opt_rev eq '';
|
||||
my $browse_revtag = 'HEAD';
|
||||
|
@ -322,9 +313,6 @@ foreach $revision (@::revision_map)
|
|||
if ($opt_html_comments) {
|
||||
# Don't escape HTML in C/C++ comments
|
||||
$text = &leave_html_comments($text);
|
||||
} elsif ( $opt_sanitize ){
|
||||
# Mark filty words and Escape HTML meta-characters
|
||||
$text = markup_line($text);
|
||||
} else {
|
||||
$text =~ s/&/&/g;
|
||||
$text =~ s/</</g;
|
||||
|
@ -438,11 +426,6 @@ if ($::use_layers || $::use_dom) {
|
|||
|
||||
&print_bottom;
|
||||
|
||||
if ( $opt_sanitize )
|
||||
{
|
||||
dbmclose %SourceChecker::token_dictionary;
|
||||
}
|
||||
|
||||
## END of main script
|
||||
|
||||
sub max {
|
||||
|
|
|
@ -28,7 +28,7 @@ require 'CGI.pl';
|
|||
my $file= $::FORM{'file'};
|
||||
my $mark= $::FORM{'mark'};
|
||||
my $ln = ($mark > 10 ? $mark-10 : 1 );
|
||||
my $rev = $::FORM{'rev'};
|
||||
my $rev = sanitize_revision($::FORM{'rev'});
|
||||
my $debug = $::FORM{'debug'};
|
||||
|
||||
print "Content-Type: text/html\n\n";
|
||||
|
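Review bot: `my $rev = sanitize_revision($::FORM{'rev'});` calls the sanitizer without a `defined` guard, unlike the rev handling in the other hunks of this commit, so a request with no rev parameter reaches the two regex matches inside sanitize_revision with an undefined value before that sub's own `defined` check in its last branch; with warnings enabled this logs an uninitialized-value warning per request, and the result stays undef. The later hunk that assigns `$opt_rev1`, `$opt_rev2`, `$opt_rev` and `$opt_branch` from `$request->param(...)` has the same unguarded shape. Either guard the call site, `my $rev = defined $::FORM{'rev'} ? sanitize_revision($::FORM{'rev'}) : undef;`, or give sanitize_revision an early `return $rev unless defined $rev;` so every caller gets the same treatment.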
|
|
@ -73,7 +73,8 @@ my $url_file_tail = url_quote($file_tail);
|
|||
# Handle the "rev" argument
|
||||
#
|
||||
$::opt_rev = "";
|
||||
$::opt_rev = $::FORM{'rev'} if defined $::FORM{'rev'} && $::FORM{'rev'} !~ m/^(HEAD|MAIN)$/;
|
||||
$::opt_rev = sanitize_revision($::FORM{'rev'}) if
|
||||
defined $::FORM{'rev'} && $::FORM{'rev'} !~ m/^(HEAD|MAIN)$/;
|
||||
my $revstr = '';
|
||||
$revstr = "&rev=$::opt_rev" unless $::opt_rev eq '';
|
||||
my $browse_revtag = 'HEAD';
|
||||
|
|
|
@ -120,9 +120,8 @@ print "</td></tr>";
|
|||
# Branch
|
||||
#
|
||||
if( defined $::FORM{branch} ){
|
||||
$b = $::FORM{branch};
|
||||
}
|
||||
else {
|
||||
$b = sanitize_revision($::FORM{branch});
|
||||
} else {
|
||||
$b = "HEAD";
|
||||
}
|
||||
print "<tr>
|
||||
|
|
|
@ -123,17 +123,17 @@ $prefix = $script_name . $ENV{PATH_INFO} . '?' if (exists($ENV{PATH_INFO}));
|
|||
# http://w3/cgi/cvsview.pl?subdir=foo&file=bar would assign
|
||||
# $opt_subdir = foo and $opt_file = bar.
|
||||
|
||||
my $opt_rev1 = $request->param('rev1');
|
||||
my $opt_rev2 = $request->param('rev2');
|
||||
my $opt_rev1 = sanitize_revision($request->param('rev1'));
|
||||
my $opt_rev2 = sanitize_revision($request->param('rev2'));
|
||||
my $opt_root = $request->param('root');
|
||||
my $opt_files = $request->param('files');
|
||||
my $opt_skip = $request->param('skip') || 0;
|
||||
my $opt_diff_mode = $request->param('diff_mode') || 'context';
|
||||
my $opt_whitespace_mode = $request->param('whitespace_mode') || 'show';
|
||||
my $opt_file = $request->param('file');
|
||||
my $opt_rev = $request->param('diff_mode');
|
||||
my $opt_rev = sanitize_revision($request->param('rev'));
|
||||
my $opt_subdir = $request->param('subdir');
|
||||
my $opt_branch = $request->param('branch');
|
||||
my $opt_branch = sanitize_revision($request->param('branch'));
|
||||
my $opt_command = $request->param('command');
|
||||
my $url_file = url_quote($opt_file);
|
||||
|
||||
|
|
|
@ -42,7 +42,13 @@ my $RealFilename = DataDir() . "/$Filename";
|
|||
Lock();
|
||||
|
||||
my $Text = '';
|
||||
$Text = `cat $RealFilename` if -f $RealFilename;
|
||||
if (-f $RealFilename) {
|
||||
open(FILE, $ReadFilename);
|
||||
while (<FILE>) {
|
||||
$Text .= $_;
|
||||
}
|
||||
close(FILE);
|
||||
}
|
||||
|
||||
unless (FormData('origtext') eq $Text) {
|
||||
PutsHeader("Oops!", "Oops!", "Someone else has been here!");
|
||||
|
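Review bot: The new `open(FILE, $ReadFilename);` opens a variable that is not the one tested on the line above (`-f $RealFilename`); if `$ReadFilename` is a typo for `$RealFilename`, the open fails on every request, the failure is never checked, `$Text` stays empty, and the `FormData('origtext') eq $Text` comparison below no longer compares against the stored message. The next hunk (`@ -39,7 +39,13 @@ my $Filename = FormData('msgname')`) carries the same lines. Since `$Filename` is built from form input, use the three-argument open with an explicit read mode and check its result, so the name can never be parsed as a mode or pipe specification; whether `msgname` is restricted to a plain file name elsewhere is not visible in this hunk and is worth confirming separately. The rewrite below also drops the bareword handle in favour of a lexical one.
```perl
my $Text = '';
if (-f $RealFilename) {
    open(my $fh, '<', $RealFilename) or die "Cannot open $RealFilename: $!";
    while (my $line = <$fh>) {
        $Text .= $line;
    }
    close($fh);
}
```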
|
|
@ -39,7 +39,13 @@ my $Filename = FormData('msgname');
|
|||
my $RealFilename = DataDir() . "/$Filename";
|
||||
|
||||
my $Text = '';
|
||||
$Text = `cat $RealFilename` if -f $RealFilename;
|
||||
if (-f $RealFilename) {
|
||||
open(FILE, $ReadFilename);
|
||||
while (<FILE>) {
|
||||
$Text .= $_;
|
||||
}
|
||||
close(FILE);
|
||||
}
|
||||
|
||||
LoadTreeConfig();
|
||||
PutsHeader("Message Editor", "Message Editor",
|
||||
|
|
|
@ -65,7 +65,7 @@ if( $form{"allchanges"} ){
|
|||
}
|
||||
else {
|
||||
while( my ($k, $v) = each( %form ) ){
|
||||
push( @revs, $k );
|
||||
push( @revs, sanitize_revision($k) );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -61,11 +61,8 @@ $dir = "" if ($dir =~ /^\.\.\/$/);
|
|||
$dir =~ s/^\/([^:]*)/$1/;
|
||||
$dir =~ s/([^:]*)\/$/$1/;
|
||||
|
||||
my $rev = $::FORM{"rev"};
|
||||
|
||||
if(!defined($rev)) {
|
||||
$rev='';
|
||||
}
|
||||
my $rev = '';
|
||||
$rev = sanitize_revision($::FORM{"rev"}) if defined($::FORM{"rev"});
|
||||
|
||||
print "Content-type: text/html\n\n";
|
||||
|
||||
|
|