fixed vulnerabilities identified by red4sec.com (#4521)
ktsaou committed Oct 30, 2018
1 parent a35bd00 commit 92327c9
Showing 2 changed files with 20 additions and 1 deletion.
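--- a/libnetdata/url/url.c
+++ b/libnetdata/url/url.c
@@ -60,7 +60,9 @@ char *url_decode_r(char *to, char *url, size_t size) {
 while(*s && d < e) {
 if(unlikely(*s == '%')) {
 if(likely(s[1] && s[2])) {
-*d++ = from_hex(s[1]) << 4 | from_hex(s[2]);
+char t = from_hex(s[1]) << 4 | from_hex(s[2]);
+// avoid HTTP header injection
+*d++ = (char)((isprint(t))? t : ' ');
 s += 2;
 }
 }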
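Review bot: `isprint(t)` on the new `*d++ = (char)((isprint(t))? t : ' ');` line passes a plain `char` to a <ctype.h> function; where `char` is signed (the x86 gcc default), any decoded byte with the high bit set (e.g. `%C3`) is a negative value other than EOF, which is undefined behaviour. Cast first: `*d++ = (char)(isprint((unsigned char)t) ? t : ' ');`. The same cast is needed for `isalnum(*s)` in the new `fix_google_param` in web/api/web_api_v1.c. Note that even with the cast every non-ASCII byte is replaced by a space in the C locale, so percent-encoded UTF-8 in chart or dimension names no longer round-trips; if that is intended, the comment should say so rather than only "avoid HTTP header injection". url_decode_r's body starts and ends outside the hunk.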
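--- a/web/api/web_api_v1.c
+++ b/web/api/web_api_v1.c
@@ -233,6 +233,15 @@ inline int web_client_api_request_v1_chart(RRDHOST *host, struct web_client *w,
 return web_client_api_request_single_chart(host, w, url, rrd_stats_api_v1_chart);
 }
 
+void fix_google_param(char *s) {
+if(unlikely(!s)) return;
+
+for( ; *s ;s++) {
+if(!isalnum(*s) && *s != '.' && *s != '_' && *s != '-')
+*s = '_';
+}
+}
+
 // returns the HTTP code
 inline int web_client_api_request_v1_data(RRDHOST *host, struct web_client *w, char *url) {
 debug(D_WEB_CLIENT, "%llu: API v1 data with URL '%s'", w->id, url);
@@ -332,6 +341,14 @@ inline int web_client_api_request_v1_data(RRDHOST *host, struct web_client *w, c
 }
 }
 
+// validate the google parameters given
+fix_google_param(google_out);
+fix_google_param(google_sig);
+fix_google_param(google_reqId);
+fix_google_param(google_version);
+fix_google_param(responseHandler);
+fix_google_param(outFileName);
+
 if(!chart || !*chart) {
 buffer_sprintf(w->response.data, "No chart id is given at the request.");
 goto cleanup;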
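Review bot: `fix_google_param` is added with external linkage and no contract comment, and the call-site comment `// validate the google parameters given` is misleading because the function does not reject anything, it silently rewrites the value in place. Unless another translation unit calls it, make it `static void fix_google_param(char *s) {` and document it, e.g. `// Sanitize a Google Visualization query parameter in place: every byte outside [A-Za-z0-9._-] becomes '_'; NULL is accepted.` At the call sites, `// sanitize (rewrite in place) the google parameters given` states what actually happens. The second hunk sits inside web_client_api_request_v1_data, whose body starts and ends outside the hunk.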
