
List:       kde-core-devel
Subject:    Patch: konqueror form attacks
From:       Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date:       2001-09-03 11:53:04

Hi,

here is the patch I promised, which prevents HTML form attacks in konqueror. 
The patch blocks http post actions to some well-known ports that should 
never be the receiver of post actions. The list of ports is the 
one from netscape (according to Dirk), with some ports added on the advice of 
our security guru (imap/SSL, pop3/SSL, ftps, telnets and irc).

Please review the patch.

Bye,
Matthias.
["kio-http-post.patch" (text/x-diff)]

Index: job.cpp
===================================================================
RCS file: /home/kde/kdelibs/kio/job.cpp,v
retrieving revision 1.261.2.4
diff -u -r1.261.2.4 job.cpp
--- job.cpp	2001/08/30 11:18:30	1.261.2.4
+++ job.cpp	2001/09/03 11:43:52
@@ -874,9 +874,105 @@
     return job;
 }
 
+class ErrorJob : public TransferJob
+{
+public:
+
+  ErrorJob(QString url, const QByteArray &packedArgs, const QByteArray &postData, \
bool showProgressInfo) : TransferJob("", CMD_SPECIAL, packedArgs, postData, \
showProgressInfo)
+  {
+    m_error = ERR_ACCESS_DENIED;
+    m_errorText = url;
+  }
+
+};
+
 TransferJob *KIO::http_post( const KURL& url, const QByteArray &postData, bool \
showProgressInfo )
 {
-    assert( (url.protocol() == "http") || (url.protocol() == "https" ));
+    bool valid = true;
+
+    // filter out non https? protocols
+    if ((url.protocol() != "http") && (url.protocol() != "https" ))
+        valid = false;
+
+    // filter out some malicious ports
+    int bad_ports[] = {
+        1,   // tcpmux
+        7,   // echo
+        9,   // discard
+        11,   // systat
+        13,   // daytime
+        15,   // netstat
+        17,   // qotd
+        19,   // chargen
+        20,   // ftp-data
+        21,   // ftp-cntl
+        22,   // ssh
+        23,   // telnet
+        25,   // smtp
+        37,   // time
+        42,   // name
+        43,   // nicname
+        53,   // domain
+        77,   // priv-rjs
+        79,   // finger
+        87,   // ttylink
+        95,   // supdup
+        101,  // hostriame
+        102,  // iso-tsap
+        103,  // gppitnp
+        104,  // acr-nema
+        109,  // pop2
+        110,  // pop3
+        111,  // sunrpc
+        113,  // auth
+        115,  // sftp
+        117,  // uucp-path
+        119,  // nntp
+        123,  // NTP
+        135,  // loc-srv / epmap
+        139,  // netbios
+        143,  // imap2
+        179,  // BGP
+        389,  // ldap
+        512,  // print / exec
+        513,  // login
+        514,  // shell
+        515,  // printer
+        526,  // tempo
+        530,  // courier
+        531,  // Chat
+        532,  // netnews
+        540,  // uucp
+        556,  // remotefs
+        587,  // sendmail
+        601,  //
+	631,  // CUPS
+	989,  // ftps data
+	990,  // ftps
+	992,  // telnets
+	993,  // imap/SSL
+	995,  // pop3/SSL
+        1080, // SOCKS
+        2049, // nfs
+        4045, // lockd
+        6000, // x11
+	6667, // irc
+        0};
+    for (int cnt=0; bad_ports[cnt]; ++cnt)
+        if (url.port() == bad_ports[cnt])
+        {
+            valid = false;
+            break;
+        }
+
+    // if request is not valid, return an invalid transfer job
+    if (!valid)
+    {
+        KIO_ARGS << (int)1 << url;
+        TransferJob * job = new ErrorJob(url.url(), packedArgs, postData, \
showProgressInfo);
+        return job;
+    }
+
     // Send http post command (1), decoded path and encoded query
     KIO_ARGS << (int)1 << url;
     TransferJob * job = new TransferJob( url, CMD_SPECIAL,
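Review bot: The port filter in `KIO::http_post` is a denylist held in a function-local, non-const array, so it is rebuilt on every call and cannot be shared with any other code path that must enforce the same restriction; whether a POST that the server redirects is checked again is not visible in this hunk and should be confirmed. Declaring it `static const int bad_ports[] = {`, or moving the lookup into a file-scope `static bool isBadPort(int port)`, keeps one authoritative list. The comment `// filter out some malicious ports` would be clearer as `// refuse POSTs to ports of well-known non-HTTP services (cross-protocol form submission)`, and the entry `601,  //` carries no service name. `ErrorJob` hands `""` to `TransferJob` as the URL and then overwrites `m_error`; it presumably relies on the base class finishing the job for an empty URL, which deserves a one-line comment because that behaviour lives outside this hunk.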


