aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-05-20 08:59:44 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-05-20 08:59:44 -0400
commit59ed3438729fd56452f58a0f79f0c288db982ac3 (patch)
treeba57ce6e6e593059b8dcbea9465e779530f620c4 /config/suricata
parent722547921de086254b8fd5b2e458c95d1bb68c96 (diff)
downloadpfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.tar.gz
pfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.tar.bz2
pfsense-packages-59ed3438729fd56452f58a0f79f0c288db982ac3.zip
Fix file browser vulnerability on LOGS BROWSER tab.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_logs_browser.php15
1 files changed, 8 insertions, 7 deletions
diff --git a/config/suricata/suricata_logs_browser.php b/config/suricata/suricata_logs_browser.php
index 04edf373..566ab93f 100644
--- a/config/suricata/suricata_logs_browser.php
+++ b/config/suricata/suricata_logs_browser.php
@@ -55,21 +55,22 @@ $suricata_uuid = $a_instance[$instanceid]['uuid'];
$if_real = get_real_interface($a_instance[$instanceid]['interface']);
// Construct a pointer to the instance's logging subdirectory
-$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/";
-$logfile = $_POST['file'];
+// Limit all file access to just the currently selected interface's logging subdirectory
+$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file']));
if ($_POST['action'] == 'load') {
- if(!is_file($_POST['file'])) {
+ if(!is_file($logfile)) {
echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|";
}
else {
- $data = file_get_contents($_POST['file']);
+ $data = file_get_contents($logfile);
if($data === false) {
echo "|1|" . gettext("Failed to read log file") . ".|";
} else {
$data = base64_encode($data);
- echo "|0|{$_POST['file']}|{$data}|";
+ echo "|0|{$logfile}|{$data}|";
}
}
exit;
@@ -180,7 +181,7 @@ if ($input_errors) {
$selected = "";
if ($log == basename($logfile))
$selected = "selected";
- echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n";
+ echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which log you want to view.'); ?>
@@ -222,7 +223,7 @@ if ($input_errors) {
</table>
</form>
-<?php if(empty($logfile)): ?>
+<?php if(empty($_POST['file'])): ?>
<script type="text/javascript">
document.getElementById("logFile").selectedIndex=-1;
</script>