Flaw in CGI mapfile loading makes it possible to bypass security controls. #6313

Closed
sdlime opened this issue Apr 30, 2021 · 0 comments

sdlime commented Apr 30, 2021

MapServer developers have identified a critical flaw in the logic associated with processing the map parameter. It is possible to specify an arbitrary mapfile that bypasses the MS_MAP_NO_PATH and MS_MAP_PATTERN checks. This issue makes it difficult to easily limit where MapServer can load a mapfile from and applies to versions 4.10 and newer.

--Steve

CVE ID: CVE-2021-32062

sdlime added a commit that referenced this issue Apr 30, 2021
…security controls (#6313) (#6314)

* Create coverity-scan.yml

* Update coverity-scan.yml

* Avoid resource leak... (CID 1503409)

* Revert "Avoid resource leak... (CID 1503409)"

This reverts commit 7d261af.

* Updated...

* Limit action to MapServer/MapServer repo, run every Sunday (for now).

* Always force map parameter values through validation checks. Add validation checks on environment variable names.

* msIsValidRegex(): fix memleak

Co-authored-by: Even Rouault <even.rouault@spatialys.com>
rouault added a commit to rouault/mapserver that referenced this issue Apr 30, 2021
…security controls (MapServer#6313) (MapServer#6314)

* Create coverity-scan.yml

* Update coverity-scan.yml

* Avoid resource leak... (CID 1503409)

* Revert "Avoid resource leak... (CID 1503409)"

This reverts commit 7d261af.

* Updated...

* Limit action to MapServer/MapServer repo, run every Sunday (for now).

* Always force map parameter values through validation checks. Add validation checks on environment variable names.

* msIsValidRegex(): fix memleak

Co-authored-by: Even Rouault <even.rouault@spatialys.com>
rouault added a commit that referenced this issue Apr 30, 2021
…security controls (#6313) (#6314) (#6315)

Co-authored-by: Even Rouault <even.rouault@spatialys.com>

Co-authored-by: Steve Lime <steve.lime@state.mn.us>
@sdlime sdlime closed this as completed Apr 30, 2021
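
The fail-closed shape named in the commit message ("Always force map parameter values through validation checks. Add validation checks on environment variable names.") can be sketched in C as below. This is an added example, not MapServer's code: the helper `resolve_mapfile`, the 64-character limit on variable names, and applying MS_MAP_PATTERN to the value looked up from the environment are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a conservative rule for environment variable names. */
static int valid_env_name(const char *s) {
    if (!s || !*s || strlen(s) > 64) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '_') return 0;
    return 1;
}

/* POSIX extended regex match; a pattern that fails to compile rejects. */
static int matches(const char *pattern, const char *value) {
    regex_t re;
    int ok;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return 0;
    ok = regexec(&re, value, 0, NULL, 0) == 0;
    regfree(&re);
    return ok;
}

/* Hypothetical helper: returns the mapfile path to load, or NULL to reject. */
const char *resolve_mapfile(const char *map_param) {
    const char *pattern = getenv("MS_MAP_PATTERN");
    const char *path = map_param;
    if (!map_param || !*map_param) return NULL;
    if (getenv("MS_MAP_NO_PATH")) {
        /* Paths are not allowed: the value must name an environment variable. */
        if (!valid_env_name(map_param)) return NULL;
        path = getenv(map_param);
        if (!path || !*path) return NULL;
    }
    /* No early return above skips this check: every accepted path passes it. */
    if (pattern && !matches(pattern, path)) return NULL;
    return path;
}

int main(int argc, char **argv) {
    const char *p = argc > 1 ? resolve_mapfile(argv[1]) : NULL;
    puts(p ? p : "rejected");
    return p ? 0 : 1;
}
```

Every branch that can yield a path funnels into the single pattern check before returning, so no form of the parameter reaches the loader unvalidated.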