Move AllowedFileRegex from catalog into global configuration

This prevents catalog-level tampering of the regular expression used for checking paths are allowed by NoAbsolute. It is set at startup time but before as a catalog configuration entry could be manipulated even in Safe page code. Problem reported by Peter Ajamian. (Cherry Picked from f34ce1b)
interchange · Sep 16, 2009 · 83812b0 · 83812b0
1 parent 09e346b
commit 83812b0
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 16 deletions.
diff --git a/dist/test/products/tests.asc b/dist/test/products/tests.asc
@@ -4516,6 +4516,34 @@ The NOT expected result.
 %%
 Skeleton test.
 %%%
+000166
+%%
+<pre>Before munging AllowedFileRegex:
+Should fail: [write-relative-file file='/tmp/superdogfood']One special line[/write-relative-file]
+Should succeed: [write-relative-file file='tmp/superdogfood']One special line[/write-relative-file]
+[calcn]
+    $Config->{AllowedFileRegex} = '.*';
+    return;
+[/calcn]
+After munging AllowedFileRegex:
+Should fail: [write-relative-file file='/tmp/superdogfood']One special line[/write-relative-file]
+Should succeed: [write-relative-file file='tmp/superdogfood']One special line[/write-relative-file]
+</pre>
+%%
+<pre>Before munging AllowedFileRegex:
+Should fail: 
+Should succeed: 1
+
+After munging AllowedFileRegex:
+Should fail: 
+Should succeed: 1
+</pre>
+%%
+%%
+
+%%
+Verify fix of AllowedFileRegex circumvention
+%%%
 999999
 %%
 [the test] [perl]

diff --git a/lib/Vend/Config.pm b/lib/Vend/Config.pm
@@ -52,7 +52,7 @@ use Vend::File;
 use Vend::Data;
 use Vend::Cron;
 
-$VERSION = substr(q$Revision: 2.188.2.4 $, 10);
+$VERSION = '2.188.2.4';
 
 my %CDname;
 my %CPname;
@@ -3440,7 +3440,7 @@ sub set_default_search {
 							@{$C->{TemplateDir} || []},
 							@{$Global::TemplateDir || []};
 			my $re = join "|", @paths;
-			$C->{AllowedFileRegex} = qr{^($re)};
+			$Global::AllowedFileRegex->{$C->{CatalogName}} = qr{^($re)};
 			return 1;
 		},
 		Autoload => sub {

diff --git a/lib/Vend/Dispatch.pm b/lib/Vend/Dispatch.pm
@@ -1,8 +1,6 @@
 # Vend::Dispatch - Handle Interchange page requests
 #
-# $Id: Dispatch.pm,v 1.60.2.3 2007-03-30 12:15:27 pajamian Exp $
-#
-# Copyright (C) 2002-2005 Interchange Development Group
+# Copyright (C) 2002-2009 Interchange Development Group
 # Copyright (C) 2002 Mike Heins <mike@perusion.net>
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -26,7 +24,7 @@
 package Vend::Dispatch;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 1.60.2.3 $, 10);
+$VERSION = '1.60.2.3';
 
 use POSIX qw(strftime);
 use Vend::Util;
@@ -731,26 +729,28 @@ sub run_in_catalog {
 	my $dir;
 	my @itl;
 	if($job) {
-		my ($d, $global_dir, $tmp);
 		my @jobdirs = ([$jobscfg->{base_directory} || 'etc/jobs', 0]);
 
 		if ($jobscfg->{use_global}) {
 			push (@jobdirs, ["$Global::ConfDir/jobs", 1]);
 		}
 
+		my $global_dir;
 		for my $r (@jobdirs) {
-#::logGlobal("check directory=$d for $job");
+			my $d;
 			($d, $global_dir) = @$r;
+#::logGlobal("check directory=$d for $job");
 			next unless $d;
 			next unless -d "$d/$job";
 			$dir = "$d/$job";
 			last;
 		}
 
 		if($dir) {
+			my $tmp;
 			if ($global_dir) {
-				$tmp = $Vend::Cfg->{AllowedFileRegex};
-				$Vend::Cfg->{AllowedFileRegex} = qr{^$dir};
+				$tmp = $Global::AllowedFileRegex->{$cat};
+				$Global::AllowedFileRegex->{$cat} = qr{^$dir};
 			}
 
 			my @f = glob("$dir/*");
@@ -762,7 +762,7 @@ sub run_in_catalog {
 			}
 
 			if ($global_dir) {
-				$Vend::Cfg->{AllowedFileRegex} = $tmp;
+				$Global::AllowedFileRegex->{$cat} = $tmp;
 			}
 		}
 	}

diff --git a/lib/Vend/File.pm b/lib/Vend/File.pm
@@ -1,8 +1,6 @@
 # Vend::File - Interchange file functions
 #
-# $Id: File.pm,v 2.21.2.1 2007-03-30 12:15:27 pajamian Exp $
-# 
-# Copyright (C) 2002-2005 Interchange Development Group
+# Copyright (C) 2002-2009 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
 #
 # This program was originally based on Vend 0.2 and 0.3
@@ -55,7 +53,7 @@ use File::Path;
 use File::Copy;
 use subs qw(logError logGlobal);
 use vars qw($VERSION @EXPORT @EXPORT_OK $errstr);
-$VERSION = substr(q$Revision: 2.21.2.1 $, 10);
+$VERSION = '2.21.2.1';
 
 sub writefile {
     my($file, $data, $opt) = @_;
@@ -657,7 +655,7 @@ sub allowed_file {
 	$Vend::File::errstr = '';
 	if(	$Global::NoAbsolute
 			and
-		$fn !~ $Vend::Cfg->{AllowedFileRegex}
+		$fn !~ $Global::AllowedFileRegex->{$Vend::Cat}
 			and
 		absolute_or_relative($fn)
 		)