From 6048cbcf1b2e2029250f9eb5fe166627c89398fd Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 19 Jun 2014 15:04:39 -0300 Subject: Improve a bit user input parameters, also make sure referer starts with / to avoid sending users to external sites --- config/snort/snort_import_aliases.php | 4 ++-- config/snort/snort_rules_flowbits.php | 2 +- config/snort/snort_select_alias.php | 18 ++++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_import_aliases.php b/config/snort/snort_import_aliases.php index 80b3bb1d..ba71c9bf 100644 --- a/config/snort/snort_import_aliases.php +++ b/config/snort/snort_import_aliases.php @@ -32,13 +32,13 @@ require_once("functions.inc"); require_once("/usr/local/pkg/snort/snort.inc"); // Retrieve any passed QUERY STRING or POST variables -if (isset($_POST['id'])) +if (isset($_POST['id']) && is_numericint($_POST['id'])) $id = $_POST['id']; elseif (isset($_GET['id']) && is_numericint($_GET['id'])) $id = htmlspecialchars($_GET['id']); if (isset($_POST['eng'])) - $eng = $_POST['eng']; + $eng = htmlspecialchars($_POST['eng']); elseif (isset($_GET['eng'])) $eng = htmlspecialchars($_GET['eng']); diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index daf1c4ef..3baa502c 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -53,7 +53,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if ($_POST['referrer']) +if (isset($_POST['referrer']) && substr($_POST['referrer'], 0, 1) == '/') $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index c632b388..e13d0cb4 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -47,29 +47,31 @@ else // Retrieve any passed QUERY STRING or POST variables if (isset($_POST['type'])) - $type = $_POST['type']; + $type = htmlspecialchars($_POST['type']); elseif (isset($_GET['type'])) $type = htmlspecialchars($_GET['type']); if (isset($_POST['varname'])) - $varname = $_POST['varname']; + $varname = htmlspecialchars($_POST['varname']); elseif (isset($_GET['varname'])) $varname = htmlspecialchars($_GET['varname']); if (isset($_POST['multi_ip'])) - $multi_ip = $_POST['multi_ip']; + $multi_ip = htmlspecialchars($_POST['multi_ip']); elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) +if (isset($_POST['returl'])) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) +elseif (isset($_GET['returl'])) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); +else + $referrer = $_SERVER['HTTP_REFERER']; // Make sure we have a valid VARIABLE name // and ALIAS TYPE, or else bail out. if (is_null($type) || is_null($varname)) { - header("Location: http://{$referrer}?{$querystr}"); + header("Location: {$referrer}?{$querystr}"); exit; } @@ -132,8 +134,8 @@ include("head.inc"); - - + +
-- cgit v1.2.3 From f72a1e651131846ca6494c78006a6c97267a6985 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Fri, 20 Jun 2014 15:41:50 -0300 Subject: Fix call-time pass by reference for snort package --- config/snort/snort_interfaces_suppress_edit.php | 7 ++++++- config/snort/snort_passlist_edit.php | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_interfaces_suppress_edit.php b/config/snort/snort_interfaces_suppress_edit.php index 986bfc38..ec4d9116 100644 --- a/config/snort/snort_interfaces_suppress_edit.php +++ b/config/snort/snort_interfaces_suppress_edit.php @@ -90,7 +90,12 @@ if ($_POST['save']) { $reqdfields = explode(" ", "name"); $reqdfieldsn = array("Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultwhitelist") $input_errors[] = "Whitelist file names may not be named defaultwhitelist."; diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php index 3be776f4..f501e0fc 100644 --- a/config/snort/snort_passlist_edit.php +++ b/config/snort/snort_passlist_edit.php @@ -112,7 +112,12 @@ if ($_POST['save']) { /* input validation */ $reqdfields = explode(" ", "name"); $reqdfieldsn = explode(",", "Name"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + if ($pf_version < 2.1) + $input_errors = eval('do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); return $input_errors;'); + else + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if(strtolower($_POST['name']) == "defaultpasslist") $input_errors[] = gettext("Pass List file names may not be named defaultpasslist."); -- cgit v1.2.3 From 2eb1127c38349c26687604ebff93e1277df4d093 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 20 Jun 2014 22:51:38 -0400 Subject: Make sure referer uses local host to avoid sending users to ext sites. --- config/snort/snort_rules_flowbits.php | 2 +- config/snort/snort_select_alias.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort_rules_flowbits.php b/config/snort/snort_rules_flowbits.php index 3baa502c..d7c18a9d 100644 --- a/config/snort/snort_rules_flowbits.php +++ b/config/snort/snort_rules_flowbits.php @@ -53,7 +53,7 @@ if (is_null($id)) { // Set who called us so we can return to the correct page with // the RETURN ('cancel') button. -if (isset($_POST['referrer']) && substr($_POST['referrer'], 0, 1) == '/') +if (isset($_POST['referrer']) && strpos($_POST['referrer'], '://'.$_SERVER['SERVER_NAME'].'/') !== FALSE) $referrer = $_POST['referrer']; else $referrer = $_SERVER['HTTP_REFERER']; diff --git a/config/snort/snort_select_alias.php b/config/snort/snort_select_alias.php index e13d0cb4..de504b7f 100644 --- a/config/snort/snort_select_alias.php +++ b/config/snort/snort_select_alias.php @@ -61,9 +61,9 @@ if (isset($_POST['multi_ip'])) elseif (isset($_GET['multi_ip'])) $multi_ip = htmlspecialchars($_GET['multi_ip']); -if (isset($_POST['returl'])) && substr($_POST['returl'], 0, 1) == '/') +if (isset($_POST['returl']) && substr($_POST['returl'], 0, 1) == '/') $referrer = urldecode($_POST['returl']); -elseif (isset($_GET['returl'])) && substr($_GET['returl'], 0, 1) == '/') +elseif (isset($_GET['returl']) && substr($_GET['returl'], 0, 1) == '/') $referrer = urldecode($_GET['returl']); else $referrer = $_SERVER['HTTP_REFERER']; -- cgit v1.2.3 From 96ea5d31f1249839ab02d19a9a1f836a018c6998 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sat, 21 Jun 2014 11:08:23 -0300 Subject: Bump Snort GUI package version to 3.0.13 --- config/snort/snort.inc | 2 +- config/snort/snort.xml | 4 ++-- config/snort/snort_migrate_config.php | 2 +- config/snort/snort_post_install.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index c0c5756c..47274e77 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -54,7 +54,7 @@ if (empty($snort_version)) $snort_version = "2.9.6.0"; /* Used to indicate latest version of this include file has been loaded */ -$pfSense_snort_version = "3.0.8"; +$pfSense_snort_version = "3.0.13"; /* get installed package version for display */ $snort_package_version = "Snort {$config['installedpackages']['package'][get_pkg_id("snort")]['version']}"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index ca99accf..977db98a 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -47,7 +47,7 @@ Currently there are no FAQ items provided. Snort 2.9.6.0 - Services:2.9.6.0 pkg v3.0.8 + Services:2.9.6.0 pkg v3.0.13 /usr/local/pkg/snort/snort.inc Snort @@ -269,7 +269,7 @@ diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index d483ba47..d524e9f3 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -365,7 +365,7 @@ unset($r); // Write out the new configuration to disk if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13"; log_error("[Snort] Saving configuration settings in new format..."); write_config("Snort pkg: migrate existing settings to new format as part of package upgrade."); log_error("[Snort] Settings successfully migrated to new configuration format..."); diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index 8d3c427d..6b645df5 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -1494,7 +1494,7 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.8"; +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.0.13"; write_config("Snort pkg: post-install configuration saved."); /* Done with post-install, so clear flag */ -- cgit v1.2.3