

Resoving Issue #3026
Unsafe deserialization of selected objects in Cacti
cigamit committed Oct 12, 2019
1 parent 82b665b commit adf2213
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions lib/functions.php
Expand Up @@ -3100,15 +3100,22 @@ function sanitize_cdef($cdef) {
*/
function sanitize_unserialize_selected_items($items) {
if ($items != '') {
$items = unserialize(stripslashes($items));

if (is_array($items)) {
foreach ($items as $item) {
if (is_array($item)) {
return false;
} elseif (!is_numeric($item) && ($item != '')) {
return false;
$unstripped = stripslashes($items);

// validate that sanitized string is correctly formatted
if (preg_match('/^a:[0-9]+:{/', $unstripped) && !preg_match('/(^|;|{|})O:\+?[0-9]+:"/', $unstripped)) {
$items = unserialize($unstripped);

if (is_array($items)) {
foreach ($items as $item) {
if (is_array($item)) {
return false;
} elseif (!is_numeric($item) && ($item != '')) {
return false;
}
}
} else {
return false;
}
} else {
return false;
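Review bot: The guard on the `preg_match` line is a denylist keyed to the `O:` marker, so whether `unserialize()` can ever instantiate a class depends on that pattern anticipating every form the deserializer accepts; the robust fix is to disable class instantiation in the call itself, `$items = unserialize($unstripped, array('allowed_classes' => false));` (PHP 7.0+; the regex pre-check can stay as defence in depth if older PHP must still be supported). With that option no live objects reach the `foreach`, and the existing `is_array`/`is_numeric` checks remain the only thing deciding what is accepted. A one-line comment stating the contract would help the next reader, e.g. `// only a flat array of numeric ids is legitimate here; anything else is rejected`. The function's closing lines are outside the hunk.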

