msCGILoadMap(): do not load file pointed by CONTEXT= unless it validates new MS_CONTEXT_PATTERN configuration option (and doesn't validate MS_CONTEXT_BAD_PATTERN) (fixes #6779)

rouault · rouault · commit 1ab19e72b05a · 2023-01-03T21:10:31.000+01:00
diff --git a/mapcontext.c b/mapcontext.c
@@ -664,7 +664,7 @@ int msLoadMapContextLayerDimension(CPLXMLNode *psDimension, layerObj *layer)
 */
 int msLoadMapContextGeneral(mapObj *map, CPLXMLNode *psGeneral,
                             CPLXMLNode *psMapContext, int nVersion,
-                            char *filename)
+                            const char *filename)
 {
 
   char *pszProj=NULL;
@@ -809,7 +809,7 @@ int msLoadMapContextGeneral(mapObj *map, CPLXMLNode *psGeneral,
 ** Load a Layer block from a MapContext document
 */
 int msLoadMapContextLayer(mapObj *map, CPLXMLNode *psLayer, int nVersion,
-                          char *filename, int unique_layer_names)
+                          const char *filename, int unique_layer_names)
 {
   char *pszValue;
   const char *pszHash;
@@ -1106,7 +1106,7 @@ int msLoadMapContextURL(mapObj *map, char *urlfilename, int unique_layer_names)
 ** (eg l:1:park. l:2:road ...). If It is set to MS_FALSE, the layer name
 ** would be the same name as the layer name in the context
 */
-int msLoadMapContext(mapObj *map, char *filename, int unique_layer_names)
+int msLoadMapContext(mapObj *map, const char *filename, int unique_layer_names)
 {
 #if defined(USE_WMS_LYR)
   char *pszWholeText, *pszValue;
diff --git a/mapows.h b/mapows.h
@@ -551,7 +551,7 @@ MS_DLL_EXPORT char *msWFSExecuteGetFeature(layerObj *lp);
 
 MS_DLL_EXPORT int msWriteMapContext(mapObj *map, FILE *stream);
 MS_DLL_EXPORT int msSaveMapContext(mapObj *map, char *filename);
-MS_DLL_EXPORT int msLoadMapContext(mapObj *map, char *filename, int unique_layer_names);
+MS_DLL_EXPORT int msLoadMapContext(mapObj *map, const char *filename, int unique_layer_names);
 MS_DLL_EXPORT int msLoadMapContextURL(mapObj *map, char *urlfilename, int unique_layer_names);
 
 
diff --git a/mapservutil.c b/mapservutil.c
@@ -303,8 +303,30 @@ mapObj *msCGILoadMap(mapservObj *mapserv)
           if(strncasecmp(mapserv->request->ParamValues[i],"http",4) == 0) {
             if(msGetConfigOption(map, "CGI_CONTEXT_URL"))
               msLoadMapContextURL(map, mapserv->request->ParamValues[i], MS_FALSE);
-          } else
-            msLoadMapContext(map, mapserv->request->ParamValues[i], MS_FALSE);
+          } else {
+            const char *map_context_filename = mapserv->request->ParamValues[i];
+            const char *ms_context_pattern = CPLGetConfigOption("MS_CONTEXT_PATTERN", NULL);
+            const char *ms_context_bad_pattern = CPLGetConfigOption("MS_CONTEXT_BAD_PATTERN", NULL);
+            if(ms_context_bad_pattern == NULL) ms_context_bad_pattern = ms_map_bad_pattern_default;
+
+            if(ms_context_pattern == NULL) { // can't go any further, bail
+              msSetError(MS_WEBERR, "Required configuration value MS_CONTEXT_PATTERN not set.", "msCGILoadMap()");
+              msFreeMap(map);
+              return NULL;
+            }
+            if(msIsValidRegex(ms_context_bad_pattern) == MS_FALSE ||
+               msEvalRegex(ms_context_bad_pattern, map_context_filename) == MS_TRUE) {
+              msSetError(MS_WEBERR, "CGI variable \"context\" fails to validate.", "msCGILoadMap()");
+              msFreeMap(map);
+              return NULL;
+            }
+            if(msEvalRegex(ms_context_pattern, map_context_filename) != MS_TRUE) {
+              msSetError(MS_WEBERR, "CGI variable \"context\" fails to validate.", "msCGILoadMap()");
+              msFreeMap(map);
+              return NULL;
+            }
+            msLoadMapContext(map, map_context_filename, MS_FALSE);
+          }
         }
       }
     }
