List: kde-core-devel
Subject: Re: Patch: konqueror form attacks
From: Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date: 2001-09-04 13:52:09
On Monday 03 September 2001 13:53, Matthias Hoelzer-Kluepfel wrote:
> Hi,
>
> here is the patch I promised to do to prevent HTML form attacks in
> konqueror. What the patch does is to block http post actions to some known
> ports that you don't want to be the receiver of post actions. The list of
> ports is the one from netscape (according to Dirk), with some ports added
> per advice of our security guru (imap/SSL, pop3/SSL, ftps, telnets and
> irc).
>
> Please review the patch.
Ok, let me summarize:
o The patch is basically ok as a short term solution
o A message box was rejected because of the translations
o The CUPS port should be left out
So if no one objects, I will apply the attached patch tomorrow.
Bye,
Matthias.
["kio-http-post.patch" (text/x-diff)]
Index: job.cpp
===================================================================
RCS file: /home/kde/kdelibs/kio/job.cpp,v
retrieving revision 1.261.2.4
diff -u -r1.261.2.4 job.cpp
--- job.cpp 2001/08/30 11:18:30 1.261.2.4
+++ job.cpp 2001/09/03 11:43:52
@@ -874,9 +874,104 @@
return job;
}
+class ErrorJob : public TransferJob
+{
+public:
+
+ ErrorJob(QString url, const QByteArray &packedArgs, const QByteArray &postData, \
bool showProgressInfo) : TransferJob("", CMD_SPECIAL, packedArgs, postData, \
showProgressInfo) + {
+ m_error = ERR_ACCESS_DENIED;
+ m_errorText = url;
+ }
+
+};
+
TransferJob *KIO::http_post( const KURL& url, const QByteArray &postData, bool \
showProgressInfo ) {
- assert( (url.protocol() == "http") || (url.protocol() == "https" ));
+ bool valid = true;
+
+ // filter out non https? protocols
+ if ((url.protocol() != "http") && (url.protocol() != "https" ))
+ valid = false;
+
+ // filter out some malicious ports
+ int bad_ports[] = {
+ 1, // tcpmux
+ 7, // echo
+ 9, // discard
+ 11, // systat
+ 13, // daytime
+ 15, // netstat
+ 17, // qotd
+ 19, // chargen
+ 20, // ftp-data
+ 21, // ftp-cntl
+ 22, // ssh
+ 23, // telnet
+ 25, // smtp
+ 37, // time
+ 42, // name
+ 43, // nicname
+ 53, // domain
+ 77, // priv-rjs
+ 79, // finger
+ 87, // ttylink
+ 95, // supdup
+ 101, // hostriame
+ 102, // iso-tsap
+ 103, // gppitnp
+ 104, // acr-nema
+ 109, // pop2
+ 110, // pop3
+ 111, // sunrpc
+ 113, // auth
+ 115, // sftp
+ 117, // uucp-path
+ 119, // nntp
+ 123, // NTP
+ 135, // loc-srv / epmap
+ 139, // netbios
+ 143, // imap2
+ 179, // BGP
+ 389, // ldap
+ 512, // print / exec
+ 513, // login
+ 514, // shell
+ 515, // printer
+ 526, // tempo
+ 530, // courier
+ 531, // Chat
+ 532, // netnews
+ 540, // uucp
+ 556, // remotefs
+ 587, // sendmail
+ 601, //
+ 989, // ftps data
+ 990, // ftps
+ 992, // telnets
+ 993, // imap/SSL
+ 995, // pop3/SSL
+ 1080, // SOCKS
+ 2049, // nfs
+ 4045, // lockd
+ 6000, // x11
+ 6667, // irc
+ 0};
+ for (int cnt=0; bad_ports[cnt]; ++cnt)
+ if (url.port() == bad_ports[cnt])
+ {
+ valid = false;
+ break;
+ }
+
+ // if request is not valid, return an invalid transfer job
+ if (!valid)
+ {
+ KIO_ARGS << (int)1 << url;
+ TransferJob * job = new ErrorJob(url.url(), packedArgs, postData, \
showProgressInfo); + return job;
+ }
+
// Send http post command (1), decoded path and encoded query
KIO_ARGS << (int)1 << url;
TransferJob * job = new TransferJob( url, CMD_SPECIAL,
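Review bot: In the `if (!valid)` branch the rejected request is still built as a full TransferJob: ErrorJob forwards packedArgs and postData to `TransferJob("", CMD_SPECIAL, ...)` and only sets m_error and m_errorText in its constructor. Nothing in these lines emits a result or shows that a job with an empty URL is never scheduled, so whether the caller ever sees ERR_ACCESS_DENIED depends on base-class behaviour that is not visible here, and a caller could end up waiting on a job that never finishes. Suggest having ErrorJob deliver its result itself (for example from a zero-delay timer, so callers can connect first), passing an empty QByteArray instead of postData, and adding a comment that states this contract. Smaller points: bad_ports can be `static const int bad_ports[]` so it is not rebuilt on every call; ErrorJob can take `const QString &url`; the comment for 101 reads "hostriame" and the one for 601 is empty. Since this is a denylist, SSL variants are covered only for ftp, telnet, imap and pop3 (989/990, 992, 993, 995), so a comment saying the list is intentionally partial would help later maintainers.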