System Patches 2.2.3

pfsense · May 22, 2023 · de76acb · de76acb
1 parent 87d5663
commit de76acb
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 1 deletion.
diff --git a/sysutils/pfSense-pkg-System_Patches/Makefile b/sysutils/pfSense-pkg-System_Patches/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-System_Patches
-PORTVERSION=	2.2.2
+PORTVERSION=	2.2.3
 CATEGORIES=	sysutils
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/...System_Patches/files/usr/local/pkg/patches/c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba.patch b/...System_Patches/files/usr/local/pkg/patches/c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba.patch
@@ -0,0 +1,73 @@
+commit c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba
+Author: jim-p <jimp@netgate.com>
+Date:   Tue Feb 28 15:53:19 2023 -0500
+
+    Improve validation and escaping of bridge interfaces. Fixes #14052
+
+diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
+index 39d353ccdf..5e0ccfab74 100644
+--- a/src/etc/inc/interfaces.inc
++++ b/src/etc/inc/interfaces.inc
+@@ -753,7 +753,7 @@ function interface_bridge_configure(&$bridge, $checkmember = 0, $flush = true) {
+
+ function interface_bridge_configure_stp($bridge) {
+ 	if (isset($bridge['enablestp'])) {
+-		$bridgeif = trim($bridge['bridgeif']);
++		$bridgeif = escapeshellarg(trim($bridge['bridgeif']));
+ 		/* configure spanning tree proto */
+ 		mwexec("/sbin/ifconfig {$bridgeif} proto " . escapeshellarg($bridge['proto']));
+
+@@ -811,7 +811,7 @@ function interface_bridge_configure_stp($bridge) {
+ }
+
+ function interface_bridge_configure_advanced($bridge) {
+-	$bridgeif = trim($bridge['bridgeif']);
++	$bridgeif = escapeshellarg(trim($bridge['bridgeif']));
+
+ 	if ($bridge['maxaddr'] <> "") {
+ 		mwexec("/sbin/ifconfig {$bridgeif} maxaddr " . escapeshellarg($bridge['maxaddr']));
+@@ -871,7 +871,7 @@ function interface_bridge_configure_advanced($bridge) {
+ }
+
+ function interface_bridge_configure_ip6linklocal($bridge) {
+-	$bridgeif = trim($bridge['bridgeif']);
++	$bridgeif = escapeshellarg(trim($bridge['bridgeif']));
+
+ 	$members = explode(',', $bridge['members']);
+ 	if (!count($members)) {
+@@ -884,7 +884,7 @@ function interface_bridge_configure_ip6linklocal($bridge) {
+
+ 	mwexec("/usr/sbin/ndp -i {$bridgeif} -- {$bridgeop}auto_linklocal");
+ 	foreach ($members as $member) {
+-		$realif = get_real_interface($member);
++		$realif = escapeshellarg(get_real_interface($member));
+ 		mwexec("/usr/sbin/ndp -i {$realif} -- {$memberop}auto_linklocal");
+ 	}
+ }
+diff --git a/src/usr/local/www/interfaces_bridge_edit.php b/src/usr/local/www/interfaces_bridge_edit.php
+index d912fa25e6..58b07ca8f2 100644
+--- a/src/usr/local/www/interfaces_bridge_edit.php
++++ b/src/usr/local/www/interfaces_bridge_edit.php
+@@ -356,10 +356,19 @@ if ($_POST['save']) {
+ 			$bridge['autoptp'] = implode(',', $_POST['autoptp']);
+ 		}
+
+-		$bridge['bridgeif'] = $_POST['bridgeif'];
++		if (empty($_POST['bridgeif']) ||
++		    preg_match("/^bridge[0-9]+$/", $_POST['bridgeif'])) {
++			/* Attempt initial configuration of the bridge if the
++			 * submitted interface is empty or looks like a bridge
++			 * interface. */
++			$bridge['bridgeif'] = $_POST['bridgeif'];
++			interface_bridge_configure($bridge);
++		} else {
++			$input_errors[] = gettext("Invalid bridge interface.");
++		}
+
+-		interface_bridge_configure($bridge);
+-		if ($bridge['bridgeif'] == "" || !stristr($bridge['bridgeif'], "bridge")) {
++		if (empty($bridge['bridgeif']) ||
++		    !preg_match("/^bridge[0-9]+$/", $bridge['bridgeif'])) {
+ 			$input_errors[] = gettext("Error occurred creating interface, please retry.");
+ 		} else {
+
diff --git a/sysutils/pfSense-pkg-System_Patches/files/usr/local/pkg/patches/manifest.inc b/sysutils/pfSense-pkg-System_Patches/files/usr/local/pkg/patches/manifest.inc
@@ -25,6 +25,20 @@ global $recommended_patches;
  * save space.
  */
 $recommended_patches = [
+[
+  'uniqid' => 'c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba',
+  'versions' => ['23.01', '22.05.1', '22.05', '2.6.0'],
+  'descr' => 'Fix potential arbitrary command execution in interfaces_bridge_edit.php from bridge interface names',
+  'links' => [
+      [ 'text' => 'pfSense-SA-23_06.webgui',
+         'url' => 'https://docs.netgate.com/downloads/pfSense-SA-23_06.webgui', ],
+      [ 'text' => 'Redmine #14281',
+         'url' => 'https://redmine.pfsense.org/issues/14281', ],
+  ],
+  'basedir' => '/',
+  'pathstrip' => 2,
+  'ignorewhitespace' => true,
+],
 [
   'uniqid' => '66b989e824042c0cf5e75b1cb245b0ae13548949',
   'versions' => ['23.01'],

diff --git a/sysutils/pfSense-pkg-System_Patches/pkg-plist b/sysutils/pfSense-pkg-System_Patches/pkg-plist
@@ -52,6 +52,7 @@ pkg/patches/bdffb77d1aa21770b23ef408ad9fba79d0825ec5.patch
 pkg/patches/be6d44179f8a82b7adbdf95336d68ee491963ae0.patch
 pkg/patches/bf21f67bbe2d1694ad1ad72728623dded9ace426.patch
 pkg/patches/c416f6fab10f149b15a352dfb609f86a98f6103d.patch
+pkg/patches/c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba.patch
 pkg/patches/c5faa351c1ef6d4555478a7f50b3a16ece7e0b2a.patch
 pkg/patches/cf2a2f82c2aa551b26a6d9606d5e6da1e760ff6b.patch
 pkg/patches/d015b45a395045a56b9190f284459a6a4cc57568.patch