Fix for Bug 880699 #1017

Merged
merged 1 commit into from

3 participants

@jwhonce

restorer.php security patch

@jwhonce jwhonce Fix for Bug 880699
restorer.php security patch
32564a0
@jwhonce

[merge]

@openshift-bot
OpenShift Origin member

Merge Test Results: SUCCESS (https://ci.dev.openshift.redhat.com/jenkins/job/merge_pull_requests/1175/)
Image: devenv_2556

@openshift-bot
OpenShift Origin member

Evaluated up to 32564a0

@openshift-bot openshift-bot merged commit fe63aa5 into openshift:master
@mscherer

Given the patch looks quite close to the two I posted in bug #880699 on RH Bugzilla, and given I reported the issue, I would welcome at least receiving part of the credit.

Commits on Dec 5, 2012
  1. @jwhonce

    Fix for Bug 880699

    jwhonce committed
    restorer.php security patch
Showing with 12 additions and 6 deletions.
  1. +12 −6 node-util/www/html/restorer.php
18 node-util/www/html/restorer.php
@@ -1,10 +1,16 @@
<?php
list($blank, $uuid, $blank) = split("/", $_SERVER["PATH_INFO"]);
-shell_exec("/usr/sbin/oo-restorer-wrapper.sh $uuid");
-
-sleep(2);
-$url=str_replace("/$uuid", "", $_SERVER["PATH_INFO"]);
-header("Location: $url");
-
+if (preg_match('/[0-9a-fA-F]{32}/', $uuid)) {
+ shell_exec("/usr/sbin/oo-restorer-wrapper.sh $uuid");
+ sleep(2);
+ $host = $_SERVER['HTTP_HOST'];
+ $proto = "http" . ( isset($_SERVER['HTTPS']) ? 's' : '' ) . '://';
+ $url=str_replace("/$uuid", "", $_SERVER["PATH_INFO"]);
+ header("Location: $proto$host$url");
+} else {
+ // someone is trying to attack
+ error_log("Invalid uuid $uuid given to restorer.php");
+ header('HTTP/1.0 403 Forbidden');
+}
?>
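Review bot: the new check `if (preg_match('/[0-9a-fA-F]{32}/', $uuid))` is unanchored, so it accepts any value that merely contains a run of 32 hex digits, while `$uuid` is still interpolated unquoted into `shell_exec("/usr/sbin/oo-restorer-wrapper.sh $uuid")`; anchor the pattern as `/^[0-9a-fA-F]{32}$/` and pass the value through `escapeshellarg($uuid)` so the whitelist actually bounds what reaches the shell. The redirect now builds the absolute `Location` from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header rather than from server configuration; prefer a configured hostname (or `$_SERVER['SERVER_NAME']` with a canonical-host setting) so the redirect target is not request-controlled. Minor: `split()` is deprecated since PHP 5.3; `explode("/", ...)` is the drop-in replacement here.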