[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-cvs
Subject: [Openvas-commits] r24265 - in trunk/gsa: . src
From: scm-commit () wald ! intevation ! org
Date: 2016-01-31 15:35:59
Message-ID: 20160131153600.016099A18EA5 () wald ! intevation ! org
[Download RAW message or body]
Author: mattm
Date: 2016-01-31 16:35:59 +0100 (Sun, 31 Jan 2016)
New Revision: 24265
Modified:
trunk/gsa/ChangeLog
trunk/gsa/src/gsad.c
Log:
* src/gsad.c (params_mhd_validate_values, params_mhd_validate): Before
calling openvas_validate, check that the param is valid UTF-8. This
prevents the Glib functions from running on invalid UTF-8, which can
lead to segfaults, and so can be used to bring GSA down.
Modified: trunk/gsa/ChangeLog
===================================================================
--- trunk/gsa/ChangeLog 2016-01-31 12:47:41 UTC (rev 24264)
+++ trunk/gsa/ChangeLog 2016-01-31 15:35:59 UTC (rev 24265)
@@ -1,5 +1,12 @@
2016-01-31 Matthew Mundell <matthew.mundell@greenbone.net>
+ * src/gsad.c (params_mhd_validate_values, params_mhd_validate): Before
+ calling openvas_validate, check that the param is valid UTF-8. This
+ prevents the Glib functions from running on invalid UTF-8, which can
+ lead to segfaults, and so can be used to bring GSA down.
+
+2016-01-31 Matthew Mundell <matthew.mundell@greenbone.net>
+
* src/gsad.c (request_handler): Close connection if "url" is not valid
UTF-8. This prevents Glib from segfaulting when printing the URL to the
login page XML, which could be used to bring GSA down.
Modified: trunk/gsa/src/gsad.c
===================================================================
--- trunk/gsa/src/gsad.c 2016-01-31 12:47:41 UTC (rev 24264)
+++ trunk/gsa/src/gsad.c 2016-01-31 15:35:59 UTC (rev 24265)
@@ -1849,11 +1849,23 @@
{
gchar *item_name;
- item_name = g_strdup_printf ("%s%s:", parent_name, name);
-
/* Item specific value validator like "method_data:to_adddress:". */
- switch (openvas_validate (validator, item_name, param->value))
+ if ((g_utf8_validate (name, -1, NULL) == FALSE)
+ || (g_utf8_validate (param->value, -1, NULL) == FALSE))
{
+ param->original_value = param->value;
+ param->value = NULL;
+ param->value_size = 0;
+ param->valid = 0;
+ param->valid_utf8 = 0;
+ item_name = NULL;
+ }
+ else switch (openvas_validate (validator,
+ (item_name = g_strdup_printf ("%s%s:",
+ parent_name,
+ name)),
+ param->value))
+ {
case 0:
break;
case 1:
@@ -1880,7 +1892,7 @@
const gchar *alias_for;
param->valid = 1;
- param->valid_utf8 = g_utf8_validate (param->value, -1, NULL);
+ param->valid_utf8 = 1;
alias_for = openvas_validator_alias_for (validator, name);
if ((param->value && (strcmp ((gchar*) name, "number") == 0))
@@ -1924,8 +1936,9 @@
param_t *param;
param = (param_t*) value;
- if (!g_str_has_prefix (name, "osp_pref_")
- && openvas_validate (validator, name, param->value))
+ if ((g_utf8_validate (param->value, -1, NULL) == FALSE)
+ || (!g_str_has_prefix (name, "osp_pref_")
+ && openvas_validate (validator, name, param->value)))
{
param->original_value = param->value;
param->value = NULL;
@@ -1937,7 +1950,7 @@
const gchar *alias_for;
param->valid = 1;
- param->valid_utf8 = g_utf8_validate (param->value, -1, NULL);
+ param->valid_utf8 = 1;
alias_for = openvas_validator_alias_for (validator, name);
if ((param->value && (strcmp ((gchar*) name, "number") == 0))
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic