From 8bbc2ef15138d2493cce5a39a4ba281e07a7c42a Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 29 Sep 2015 14:55:42 -0400 Subject: Add safety belts to squid3 chown function to stop it from breaking the entire filesystem. --- config/squid3/34/squid.inc | 7 ++++--- config/squid3/34/squid.xml | 2 +- pkg_config.10.xml | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index e906a1bb..a7cb0490 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -84,7 +84,8 @@ function squid_get_real_interface_address($iface) { } function squid_chown_recursive($dir, $user, $group) { - if ($dir == '/usr/local') { + if (empty($dir) || ($dir == '/') || ($dir == '/usr/local') || !is_dir($dir)) { + log_error(gettext("Squid attempted to chown an invalid directory: {$dir}")); return; } @@ -92,8 +93,8 @@ function squid_chown_recursive($dir, $user, $group) { chgrp($dir, $group); $handle = opendir($dir) ; while (($item = readdir($handle)) !== false) { - if (($item != ".") && ($item != "..")) { - $path = "$dir/$item"; + if (!empty($item) && ($item != ".") && ($item != "..")) { + $path = "{$dir}/{$item}"; // Recurse unless it's the cache dir, that is slow and rarely necessary. if (is_dir($path) && (basename($dir) != "cache")) { squid_chown_recursive($path, $user, $group); diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml index ded59d42..ec9855e8 100644 --- a/config/squid3/34/squid.xml +++ b/config/squid3/34/squid.xml @@ -42,7 +42,7 @@ ]]> squid - 0.3.5 + 0.3.5.1 Proxy Server: General Settings /usr/local/pkg/squid.inc diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 500cfebc..1e0fcd2d 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -1052,7 +1052,7 @@ https://forum.pfsense.org/index.php/topic,48347.0.html http://www.squid-cache.org/ Network - 0.3.5 + 0.3.5.1 beta 2.2 marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org -- cgit v1.2.3