Bug: 186280
Description: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan and Noriko (Thanks!)
Fix Description: These address a variety of issues with our CGIs. The basic
strategy is - Don't Trust The User - any data passed in as a GET/POST parameter
is suspect. I mostly looked at parameters which are filenames or filename
components, but I also made sure that we don't try to dereference a null
parameter or similar things such as that. For filenames, I mostly just verified
that path components contain valid path characters (e.g. not things like ../ or
"" or potential attack strings), verified that the given filename exists in the
given directory using opendir/readdir instead of just relying on PR_Access
(which would report success on a path like
/opt/fedora-ds/alias/../../../etc/passwd), and some attacks which could be based
on using something like this:
PR_snprintf(buf, sizeof(buf), "%s/alias", pathfromuser);
If pathfromuser overflows buf, the /alias will not be appended and we could be
using some bogus path. I replaced most of these with PR_smprintf.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
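The two defences the message describes, as an added C example that is not the commit's own code: it uses libc snprintf and opendir/readdir in place of the NSPR PR_snprintf/PR_Access calls named above, and the "/alias" suffix and the directory names are illustrative.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* A filename taken from a CGI parameter is accepted only as a single path
 * component: non-empty, not "." or "..", built from [A-Za-z0-9._-] only. */
int safe_component(const char *name)
{
    if (!name || !*name || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;
    for (const char *p = name; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("._-", *p))
            return 0;
    return 1;
}

/* The pattern the commit message warns about: when pathfromuser is too long,
 * snprintf keeps the first n-1 bytes and the "/alias" suffix is silently lost.
 * Returns 1 only if the suffix actually made it into buf. */
int build_alias_path_unchecked(char *buf, size_t n, const char *pathfromuser)
{
    snprintf(buf, n, "%s/alias", pathfromuser);
    size_t len = strlen(buf);
    return len >= 6 && strcmp(buf + len - 6, "/alias") == 0;
}

/* Hardened form: snprintf returns the length it wanted to write, so a value
 * >= n means truncation; fail closed instead of using a bogus path. */
int build_alias_path_checked(char *buf, size_t n, const char *pathfromuser)
{
    int want = snprintf(buf, n, "%s/alias", pathfromuser);
    if (want < 0 || (size_t)want >= n) { buf[0] = '\0'; return 0; }
    return 1;
}

/* Confirm name is a real entry of dir by enumerating the directory, rather
 * than probing dir/name with an access()-style call that follows "../". */
int file_in_dir(const char *dir, const char *name)
{
    if (!safe_component(name)) return 0;
    DIR *d = opendir(dir);
    if (!d) return 0;
    int found = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL;)
        if (strcmp(e->d_name, name) == 0) { found = 1; break; }
    closedir(d);
    return found;
}
```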