List: kde-core-devel
Subject: Re: Patch: konqueror form attacks
From: Bernhard Rosenkraenzer <bero () redhat ! de>
Date: 2001-09-03 12:51:03
On Mon, 3 Sep 2001, Matthias Hoelzer-Kluepfel wrote:
> here is the patch I promised to do to prevent HTML form attacks in konqueror.
I'd prefer having an extension in there: Since some of the redirections
might actually be legit (there's no reason a server couldn't be running a
special web server on, say, port 631 if it doesn't have cups) and even
some <form action="mailto:autoprocess@foo.com?subject=webform+1"> stuff is
legit, I'd rather ask the user before saying permission denied.
--- kdelibs-2.2/kio/job.cpp.secur Fri Aug 3 22:13:55 2001
+++ kdelibs-2.2/kio/job.cpp Mon Sep 3 14:36:08 2001
@@ -874,9 +874,113 @@
return job;
}
+class ErrorJob : public TransferJob
+{
+public:
+
+ ErrorJob(QString url, const QByteArray &packedArgs, const QByteArray &postData, \
bool showProgressInfo) : TransferJob("", CMD_SPECIAL, packedArgs, postData, \
showProgressInfo)
+ {
+ m_error = ERR_ACCESS_DENIED;
+ m_errorText = url;
+ }
+
+};
+
TransferJob *KIO::http_post( const KURL& url, const QByteArray &postData, bool \
showProgressInfo ) {
- assert( (url.protocol() == "http") || (url.protocol() == "https" ));
+ bool valid = true;
+
+ // filter out non https? protocols
+ if ((url.protocol() != "http") && (url.protocol() != "https" ))
+ valid = false;
+
+ // filter out some malicious ports
+ int bad_ports[] = {
+ 1, // tcpmux
+ 7, // echo
+ 9, // discard
+ 11, // systat
+ 13, // daytime
+ 15, // netstat
+ 17, // qotd
+ 19, // chargen
+ 20, // ftp-data
+ 21, // ftp-cntl
+ 22, // ssh
+ 23, // telnet
+ 25, // smtp
+ 37, // time
+ 42, // name
+ 43, // nicname
+ 53, // domain
+ 77, // priv-rjs
+ 79, // finger
+ 87, // ttylink
+ 95, // supdup
+ 101, // hostriame
+ 102, // iso-tsap
+ 103, // gppintnp
+ 104, // acr-nema
+ 109, // pop2
+ 110, // pop3
+ 111, // sunrpc
+ 113, // auth
+ 115, // sftp
+ 117, // uucp-path
+ 119, // nntp
+ 123, // NTP
+ 135, // loc-srv / epmap
+ 139, // netbios
+ 143, // imap2
+ 179, // BGP
+ 389, // ldap
+ 512, // print / exec
+ 513, // login
+ 514, // shell
+ 515, // printer
+ 526, // tempo
+ 530, // courier
+ 531, // Chat
+ 532, // netnews
+ 540, // uucp
+ 556, // remotefs
+ 587, // sendmail
+ 601, //
+ 631, // CUPS
+ 989, // ftps data
+ 990, // ftps
+ 992, // telnets
+ 993, // imap/SSL
+ 995, // pop3/SSL
+ 1080, // SOCKS
+ 2049, // nfs
+ 4045, // lockd
+ 6000, // x11
+ 6667, // irc
+ 0 };
+
+ for (int cnt=0; bad_ports[cnt]; ++cnt)
+ if (url.port() == bad_ports[cnt]) {
+ valid = false;
+ break;
+ }
+
+ // If the request is not valid, it's either a dirty hack or a security
+ // problem - since we can't determine which of them, ask the user first.
+ if (!valid)
+ {
+ if(KMessageBox::questionYesNo(0, QString("WARNING: The information you are \
trying to submit will be sent to %1. This might be a security problem. Are you sure \
you want to send this information? (If you have clicked on a link without trying to \
submit any information, you definitely want to say no!)").arg(url.url()), \
i18n("Possible security problem"))==KMessageBox::Yes)
+ valid = true;
+ }
+
+ // if request is not valid, return an invalid transfer job
+ if (!valid)
+ {
+ KIO_ARGS << (int)1 << url;
+ TransferJob * job = new ErrorJob(url.url(), packedArgs, postData, \
showProgressInfo);
+ return job;
+ }
+
// Send http post command (1), decoded path and encoded query
KIO_ARGS << (int)1 << url;
TransferJob * job = new TransferJob( url, CMD_SPECIAL,
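Review bot: The confirmation in the first `if (!valid)` block builds its message from a bare `QString(...)` while the caption goes through `i18n(...)`, so the warning that carries the security decision stays untranslated. It also interpolates the whole `url.url()`, which is supplied by the page that owns the form, so a long URL can bury the host and port the user needs to judge. I would wrap the text in `i18n(...)` and show only the destination, e.g. `.arg(url.host()).arg(url.port())` with two placeholders in the message. The `bad_ports` loop is a denylist, so a POST to any unlisted port goes through without a prompt; a comment above the array should say where the list comes from and that it is not exhaustive. `ErrorJob` only assigns `m_error` and `m_errorText`, and nothing in the hunk shows how that error reaches the caller (presumably through the base class's handling of the empty URL), so a one-line comment in the constructor would help; `http_post` continues past the end of the hunk.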