diff options
| author |   claudio <claudio@openbsd.org> | 2007-10-10 13:23:40 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2007-10-10 13:23:40 +0000 |
| commit | 243d9a3d16f7fec314332ea188b9ec21fe3ae663 (patch) | |
| tree | 7438258df93d875babcb2235226373e81ce5966f | |
| parent | Fix some obviously bogus code in vge_newbuf(). Should fix PR 5582. (diff) | |
| download | wireguard-openbsd-243d9a3d16f7fec314332ea188b9ec21fe3ae663.tar.xz wireguard-openbsd-243d9a3d16f7fec314332ea188b9ec21fe3ae663.zip | |
Limit the allowed characters in a request to [a-zA-Z0-9-_.:/= ] everything
else will cause an "invalid character in input" error.
Fixes xss issue noticed by Anton Karpov.
OK henning@, sthen@
| -rw-r--r-- | usr.bin/bgplg/bgplg.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/usr.bin/bgplg/bgplg.c b/usr.bin/bgplg/bgplg.c index b034cdfdbd4..db8cae0ca4d 100644 --- a/usr.bin/bgplg/bgplg.c +++ b/usr.bin/bgplg/bgplg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bgplg.c,v 1.6 2007/09/13 23:32:39 cloder Exp $ */ +/* $OpenBSD: bgplg.c,v 1.7 2007/10/10 13:23:40 claudio Exp $ */ /* * Copyright (c) 2005, 2006 Reyk Floeter <reyk@vantronix.net> @@ -109,16 +109,15 @@ lg_getenv(const char *name, int *lenp) *lenp = len; #define allowed_in_string(_x) \ - ((isalnum(_x) || isprint(_x)) && \ - (_x != '%' && _x != '\\' && _x != ';' && _x != '|')) + (isalnum(_x) || strchr("-_.:/= ", _x)) for (i = 0; i < len; i++) { + if (ptr[i] == '&') + ptr[i] = '\0'; if (!allowed_in_string(ptr[i])) { printf("invalid character in input\n"); return (NULL); } - if (ptr[i] == '&') - ptr[i] = '\0'; } return (ptr); |