diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-05-20 08:59:44 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-05-20 08:59:44 -0400 |
commit | 59ed3438729fd56452f58a0f79f0c288db982ac3 (patch) | |
tree | ba57ce6e6e593059b8dcbea9465e779530f620c4 /config/suricata | |
parent | 722547921de086254b8fd5b2e458c95d1bb68c96 (diff) | |
download | pfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.tar.gz pfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.tar.bz2 pfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.zip |
Fix file browser vulnerability on LOGS BROWSER tab.
Diffstat (limited to 'config/suricata')
-rw-r--r-- | config/suricata/suricata_logs_browser.php | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php index 04edf373..566ab93f 100644 --- a/config/suricata/suricata_logs_browser.php +++ b/config/suricata/suricata_logs_browser.php @@ -55,21 +55,22 @@ $suricata_uuid = $a_instance[$instanceid]['uuid']; $if_real = get_real_interface($a_instance[$instanceid]['interface']); // Construct a pointer to the instance's logging subdirectory -$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; +$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/"; -$logfile = $_POST['file']; +// Limit all file access to just the currently selected interface's logging subdirectory +$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file'])); if ($_POST['action'] == 'load') { - if(!is_file($_POST['file'])) { + if(!is_file($logfile)) { echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|"; } else { - $data = file_get_contents($_POST['file']); + $data = file_get_contents($logfile); if($data === false) { echo "|1|" . gettext("Failed to read log file") . ".|"; } else { $data = base64_encode($data); - echo "|0|{$_POST['file']}|{$data}|"; + echo "|0|{$logfile}|{$data}|"; } } exit; @@ -180,7 +181,7 @@ if ($input_errors) { $selected = ""; if ($log == basename($logfile)) $selected = "selected"; - echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n"; + echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n"; } ?> </select> <?php echo gettext('Choose which log you want to view.'); ?> @@ -222,7 +223,7 @@ if ($input_errors) { </table> </form> -<?php if(empty($logfile)): ?> +<?php if(empty($_POST['file'])): ?> <script type="text/javascript"> document.getElementById("logFile").selectedIndex=-1; </script> |