Restrict snort_log_view.php to show only files inside SNORTLOGDIR, it fixes http://seclists.org/fulldisclosure/2014/Jan/187

author: Renato Botelho <garga@FreeBSD.org> 2014-01-28 14:38:05 -0200
committer: Renato Botelho <garga@FreeBSD.org> 2014-01-28 14:38:05 -0200
commit: 6857ff8505977e8898b93c28c394d73ffb167087 (patch)
tree: ce445dba6683c4086497f6676a21f4386d4535d1 /config/snort/snort_log_view.php
parent: 81d43d9b8f6c66de409b24be746fa742473329ff (diff)
download: pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.tar.gz
pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.tar.bz2
pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/config/snort/snort_log_view.php b/config/snort/snort_log_view.php
index 4fc8d990..babae205 100644
--- a/config/snort/snort_log_view.php
+++ b/config/snort/snort_log_view.php
@@ -42,7 +42,10 @@ $contents = '';
 // Read the contents of the argument passed to us.
 // Is it a fully qualified path and file?
 if (file_exists($_GET['logfile']))
-	$contents = file_get_contents($_GET['logfile']);
+	if (substr(realpath($_GET['logfile']), 0, strlen(SNORTLOGDIR)) != SNORTLOGDIR)
+		$contents = gettext("\n\nERROR -- File: {$_GET['logfile']} can not be viewed!");
+	else
+		$contents = file_get_contents($_GET['logfile']);
 // It is not something we can display, so print an error.
 else
 	$contents = gettext("\n\nERROR -- File: {$_GET['logfile']} not found!");
author	Renato Botelho <garga@FreeBSD.org>	2014-01-28 14:38:05 -0200
committer	Renato Botelho <garga@FreeBSD.org>	2014-01-28 14:38:05 -0200
commit	6857ff8505977e8898b93c28c394d73ffb167087 (patch)
tree	ce445dba6683c4086497f6676a21f4386d4535d1 /config/snort/snort_log_view.php
parent	81d43d9b8f6c66de409b24be746fa742473329ff (diff)
download	pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.tar.gz pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.tar.bz2 pfsense-packages-6857ff8505977e8898b93c28c394d73ffb167087.zip