Security fixes (thanks Chunky and Primer!)
icculus committed Dec 10, 2003
1 parent 0880073 commit 60a9a52
Showing 1 changed file with 7 additions and 3 deletions.
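--- a/IcculusFinger_daemon.pl
+++ b/IcculusFinger_daemon.pl
@@ -58,6 +58,8 @@
 # markup tags when not in HTML mode.
 # 2.1.8 : Fix from Gary Briggs: IcculusFinger_planmove.pl now handles
 # moves across filesystems.
+# 2.1.9 : Security fixes in request parsing and syslog output by Chunky and
+# Primer.
 #-----------------------------------------------------------------------------
 
 # !!! TODO: Let [img] tags nest inside [link] tags.
@@ -70,7 +72,7 @@
 use IO::Select; # bleh.
 
 # Version of IcculusFinger. Change this if you are forking the code.
-my $version = "v2.1.8";
+my $version = "v2.1.9";
 
 
 #-----------------------------------------------------------------------------#
@@ -864,10 +866,10 @@ sub verify_and_load_request {
 $errormsg = "No user specified.";
 } elsif ($user =~ /\@/) {
 $errormsg = "Finger request forwarding is forbidden.";
-} elsif (length($user) > 20) {
+} elsif (length($user) > 20 || $user =~ /[^A-Za-z0-9_]/) {
 # The 20 char limit is just for safety against potential buffer overflows
 # in finger servers, but it's more or less arbitrary.
-# !!! TODO FIXME: Check for bogus characters in username/host.
+# Anything other than A-Za-z0-9_ is probably not a username.
 $errormsg = "Bogus user specified.";
 } else {
 if (defined $fakeusers{$user}) {
@@ -1185,6 +1187,7 @@ sub finger_mainline {
 syslog("info", $syslog_text) if ($use_syslog);
 } else {
 $syslog_text = "finger request: \"$query_string\"\n";
+$syslog_text =~ s/%/%%/g;
 if ($use_syslog) {
 syslog("info", $syslog_text) or
 die("Couldn't write to syslog: $!\n");
@@ -1206,6 +1209,7 @@ sub finger_mainline {
 sub syslog_and_die {
 my $err = shift;
 $err .= "\n";
+$err =~ s/%/%%/g;
 syslog("info", $err) if ($use_syslog);
 die($err);
 }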
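Review bot: In `syslog_and_die` the new `$err =~ s/%/%%/g;` runs before `die($err)`, so the die message also carries the doubled percent signs, and escaping by substitution has to be repeated at every syslog call site. Passing the text as an argument instead of as the format removes both problems: `syslog("info", "%s", $err) if ($use_syslog);` and, in `finger_mainline`, `syslog("info", "%s", $syslog_text)`. The first `syslog("info", $syslog_text)` in the `finger_mainline` hunk, before `} else {`, is still called with the variable as the format; its value is assigned outside the hunk, so confirm no request-derived text reaches it. `finger_mainline` starts and ends outside the visible hunks.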
