authorjim-p <jimp@pfsense.org>2014-02-17 16:09:43 -0500
committerjim-p <jimp@pfsense.org>2014-02-17 16:09:43 -0500
commitad6e7cb89edbb0849eda4516cb0976fb877bc397 (patch)
tree3665028bcc023d4bd44c8654a2b6371339267141
parentb23398b68fabefebd8b9c4715b81772df7c6228c (diff)
Input validation for arping and escaping. Fixes #3462
-rw-r--r--config/arping/arping.inc6
-rw-r--r--pkg_config.10.xml2
-rw-r--r--pkg_config.8.xml2
-rw-r--r--pkg_config.8.xml.amd642
4 files changed, 8 insertions, 4 deletions
diff --git a/config/arping/arping.inc b/config/arping/arping.inc
index be21a790..0054adf0 100644
--- a/config/arping/arping.inc
+++ b/config/arping/arping.inc
@@ -35,7 +35,11 @@ function arping_package_reinstall() {
}
function arping_package_php_command() {
- system("arping -c3 " . $_POST['hostip']);
+ require_once("util.inc");
+ if (is_ipaddr($_POST['hostip']) || is_hostname($_POST['hostip']) || is_macaddr($_POST['hostip']))
+ system("arping -c3 " . escapeshellarg($_POST['hostip']));
+ else
+ echo "Invalid input. Supplied address must be a valid IP or MAC address.";
exit;
}
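Review bot: The error text on the `else` branch says the address must be "a valid IP or MAC address", but the condition also accepts anything `is_hostname()` passes, so the message and the check disagree; `echo "Invalid input. Supplied address must be a valid IP address, hostname or MAC address.";` would match. `$_POST['hostip']` is read four times with no `isset()` check, so a request without that field reaches the validators as null; reading it once into a local (`$host = isset($_POST['hostip']) ? $_POST['hostip'] : '';`) makes it visible that the validated value and the executed value are the same. `escapeshellarg()` only neutralises shell metacharacters, not a value that arping itself would parse as an option, so the fix depends on the util.inc validators (not visible here) rejecting a leading `-`; a one-line comment stating that dependency would help the next maintainer. The braceless `if`/`else` ahead of `exit;` would also be safer with braces.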
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 86243ec7..317f62e5 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -684,7 +684,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>2.13</version>
+ <version>2.13 v1.1</version>
<status>Stable</status>
<required_version>2.2</required_version>
<config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b3f16cb2..3a9d35b1 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -935,7 +935,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>2.09.1</version>
+ <version>2.09.1 v1.1</version>
<status>Stable</status>
<required_version>1.0.1</required_version>
<config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index f628aff4..e12cb00f 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -922,7 +922,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>2.09.1</version>
+ <version>2.09.1 v1.1</version>
<status>Stable</status>
<required_version>1.0.1</required_version>
<config_file>http://www.pfsense.com/packages/config/arping/arping.xml</config_file>