~ubuntu-branches/ubuntu/gutsy/awstats/gutsy-security
» Revision
8
: debian/patches/1004_backport_6.6_xss-fixes.patch
« back to all changes in this revision
Viewing changes to debian/patches/1004_backport_6.6_xss-fixes.patch
- browse files at revision 8
- compare with another revision
- download diff
- download tarball
- view history from revision 8
- Committer: Bazaar Package Importer
- Author(s): Kees Cook
- Date: 2006-10-06 14:29:13 UTC
- Revision ID: james.westby@ubuntu.com-20061006142913-jza93epi3mwxzc9k
Tags: 6.5-2ubuntu1
* SECURITY UPDATE: Fix path exposure on error.
* Add 'debian/patches/1004_backport_6.6_xss-fixes.patch' to correct URL
decoding and adjust error message reports. Backported from upstream.
* References
CVE-2006-3682
http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.867&r2=1.871
* Add 'debian/patches/1004_backport_6.6_xss-fixes.patch' to correct URL
decoding and adjust error message reports. Backported from upstream.
* References
CVE-2006-3682
http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.867&r2=1.871
- files added:
- debian/patches/1004_backport_6.6_xss-fixes.patch
- files modified:
- debian/changelog
added
removed
debian/patches/1004_backport_6.6_xss-fixes.patch
1
diff -Nur awstats-6.5/wwwroot/cgi-bin/awstats.pl awstats-6.5.new/wwwroot/cgi-bin/awstats.pl
2
--- awstats-6.5/wwwroot/cgi-bin/awstats.pl 2006-10-06 14:30:47.497024425 -0700
3
+++ awstats-6.5.new/wwwroot/cgi-bin/awstats.pl 2006-10-06 14:35:01.053898947 -0700
4
@@ -870,7 +870,7 @@
5
print "Example: If your config file is awstats.mysite.conf, use -config=mysite\n";
6
}
7
print "- ${tagbold}Did you create your config file 'awstats.$SiteConfig.conf' ?${tagunbold}${tagbr}\n";
8
- print "If not, you can run \"$dir/tools/awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
9
+ print "If not, you can run \"awstats_configure.pl\"\nfrom command line, or create it manually.${tagbr}\n";
10
print "${tagbr}\n";
11
}
12
else { print "${tagbr}${tagbold}Setup (".($FileConfig?"'".$FileConfig."'":"Config")." file, web server or permissions) may be wrong.${tagunbold}${tagbr}\n"; }
13
@@ -4430,6 +4430,7 @@
14
15
#------------------------------------------------------------------------------
16
# Function: Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
17
+# and clean | char.
18
# Parameters: stringtoclean
19
# Input: None
20
# Output: None
21
@@ -4439,6 +4440,7 @@
22
my $stringtoclean=shift;
23
$stringtoclean =~ s/</</g;
24
$stringtoclean =~ s/>/>/g;
25
+ $stringtoclean =~ s/|//g;
26
return $stringtoclean;
27
}
28
29
@@ -5516,6 +5518,7 @@
30
'hostfilter','hostfilterex','urlfilter','urlfilterex','refererpagesfilter','refererpagesfilterex',
31
'pluginmode','filterrawlog');
32
33
+# Parse input parameters and sanitize them for security reasons
34
$QueryString='';
35
# AWStats use GATEWAY_INTERFACE to known if ran as CLI or CGI. AWSTATS_DEL_GATEWAY_INTERFACE can
36
# be set to force AWStats to be ran as CLI even from a web page.
37
@@ -5542,26 +5545,26 @@
38
# No update but report by default when run from a browser
39
$UpdateStats=($QueryString=~/update=1/i?1:0);
40
41
- if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
42
- if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons=&DecodeEncodedString("$1"); }
43
- if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
44
- if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
45
+ if ($QueryString =~ /config=([^&]+)/i) { $SiteConfig=&Sanitize("$1"); }
46
+ if ($QueryString =~ /diricons=([^&]+)/i) { $DirIcons="$1"; }
47
+ if ($QueryString =~ /pluginmode=([^&]+)/i) { $PluginMode=&Sanitize("$1",1); }
48
+ if ($QueryString =~ /configdir=([^&]+)/i) { $DirConfig=&Sanitize("$1"); }
49
# All filters
50
- if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can also be defined with hostfilter=filter
51
- if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}=&DecodeEncodedString("$1"); } #
52
- if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can also be defined with urlfilter=filter
53
- if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}=&DecodeEncodedString("$1"); } #
54
- if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can also be defined with refererpagesfilter=filter
55
- if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); } #
56
+ if ($QueryString =~ /hostfilter=([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can also be defined with hostfilter=filter
57
+ if ($QueryString =~ /hostfilterex=([^&]+)/i) { $FilterEx{'host'}="$1"; } #
58
+ if ($QueryString =~ /urlfilter=([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can also be defined with urlfilter=filter
59
+ if ($QueryString =~ /urlfilterex=([^&]+)/i) { $FilterEx{'url'}="$1"; } #
60
+ if ($QueryString =~ /refererpagesfilter=([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can also be defined with refererpagesfilter=filter
61
+ if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; } #
62
# All output
63
- if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
64
- if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}=&DecodeEncodedString("$1"); } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
65
- if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}=&DecodeEncodedString("$1"); } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
66
- if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
67
+ if ($QueryString =~ /output=allhosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
68
+ if ($QueryString =~ /output=lasthosts:([^&]+)/i) { $FilterIn{'host'}="$1"; } # Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
69
+ if ($QueryString =~ /output=urldetail:([^&]+)/i) { $FilterIn{'url'}="$1"; } # Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
70
+ if ($QueryString =~ /output=refererpages:([^&]+)/i) { $FilterIn{'refererpages'}="$1"; } # Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
71
72
# If migrate
73
if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i) {
74
- $MigrateStats=&Sanitize(&DecodeEncodedString("$2"));
75
+ $MigrateStats=&Sanitize("$2");
76
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
77
$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
78
}
79
@@ -5583,7 +5586,7 @@
80
$QueryString .= "$NewLinkParams";
81
}
82
83
- $QueryString = CleanFromCSSA($QueryString);
84
+ $QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
85
86
# Security test
87
if ($ENV{'AWSTATS_DEL_GATEWAY_INTERFACE'} && $QueryString =~ /LogFile=([^&]+)/i) { error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
Loggerhead is a web-based interface for Breezy
Version: 2.0.1