List: openvas-cvs
Subject: [Openvas-commits] r24266 - in branches/gsa-6.0: . src
From: scm-commit () wald ! intevation ! org
Date: 2016-01-31 15:43:11
Message-ID: 20160131154312.1D3B69A194C1 () wald ! intevation ! org
Author: mattm
Date: 2016-01-31 16:43:11 +0100 (Sun, 31 Jan 2016)
New Revision: 24266
Modified:
branches/gsa-6.0/ChangeLog
branches/gsa-6.0/src/gsad.c
Log:
Backport r24265.
* src/gsad.c (params_mhd_validate_values, params_mhd_validate): Before
calling openvas_validate, check that the param is valid UTF-8. This
prevents the Glib functions from running on invalid UTF-8, which can
lead to segfaults, and so can be used to bring GSA down.
Modified: branches/gsa-6.0/ChangeLog
===================================================================
--- branches/gsa-6.0/ChangeLog 2016-01-31 15:35:59 UTC (rev 24265)
+++ branches/gsa-6.0/ChangeLog 2016-01-31 15:43:11 UTC (rev 24266)
@@ -1,5 +1,14 @@
2016-01-31 Matthew Mundell <matthew.mundell@greenbone.net>
+ Backport r24265.
+
+ * src/gsad.c (params_mhd_validate_values, params_mhd_validate): Before
+ calling openvas_validate, check that the param is valid UTF-8. This
+ prevents the Glib functions from running on invalid UTF-8, which can
+ lead to segfaults, and so can be used to bring GSA down.
+
+2016-01-31 Matthew Mundell <matthew.mundell@greenbone.net>
+
Backport r24262.
* src/gsad.c (request_handler): Close connection if "url" is not valid
Modified: branches/gsa-6.0/src/gsad.c
===================================================================
--- branches/gsa-6.0/src/gsad.c 2016-01-31 15:35:59 UTC (rev 24265)
+++ branches/gsa-6.0/src/gsad.c 2016-01-31 15:43:11 UTC (rev 24266)
@@ -1716,11 +1716,23 @@
{
gchar *item_name;
- item_name = g_strdup_printf ("%s%s:", parent_name, name);
-
/* Item specific value validator like "method_data:to_adddress:". */
- switch (openvas_validate (validator, item_name, param->value))
+ if ((g_utf8_validate (name, -1, NULL) == FALSE)
+ || (g_utf8_validate (param->value, -1, NULL) == FALSE))
{
+ param->original_value = param->value;
+ param->value = NULL;
+ param->value_size = 0;
+ param->valid = 0;
+ param->valid_utf8 = 0;
+ item_name = NULL;
+ }
+ else switch (openvas_validate (validator,
+ (item_name = g_strdup_printf ("%s%s:",
+ parent_name,
+ name)),
+ param->value))
+ {
case 0:
break;
case 1:
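Review bot: The new check at the top of this hunk validates name and param->value, but item_name is still built from parent_name, which is not validated anywhere in the visible lines; if parent_name can carry request-supplied bytes, add it to the g_utf8_validate condition or note where it was already checked. The call on param->value uses length -1 with no NULL test, while the code later in this diff tests "param->value &&" before using it, so either guard the call or document why the value cannot be NULL at this point. The assignment to item_name buried inside the argument list of "else switch (openvas_validate (..." is easy to miss; building item_name in the else branch before a plain switch would read more clearly, and the "Item specific value validator" comment now sits above the UTF-8 check instead of the validator call.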
@@ -1747,7 +1759,7 @@
const gchar *alias_for;
param->valid = 1;
- param->valid_utf8 = g_utf8_validate (param->value, -1, NULL);
+ param->valid_utf8 = 1;
alias_for = openvas_validator_alias_for (validator, name);
if ((param->value && (strcmp ((gchar*) name, "number") == 0))
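Review bot: Hard-coding param->valid_utf8 = 1 here is correct only as long as every path into this branch has already passed the g_utf8_validate check added earlier in the function; a one-line comment stating that invariant next to the assignment would keep a later edit to the condition from silently marking unvalidated input as valid UTF-8. The same applies to the identical change in the last hunk.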
@@ -1791,8 +1803,9 @@
param_t *param;
param = (param_t*) value;
- if (!g_str_has_prefix (name, "osp_pref_")
- && openvas_validate (validator, name, param->value))
+ if ((g_utf8_validate (param->value, -1, NULL) == FALSE)
+ || (!g_str_has_prefix (name, "osp_pref_")
+ && openvas_validate (validator, name, param->value)))
{
param->original_value = param->value;
param->value = NULL;
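Review bot: The condition added here validates only param->value, whereas the first gsad.c hunk validates both name and param->value; name is passed to g_str_has_prefix and openvas_validate in the same expression, so check it as well or say why it is already known to be valid in this function. The rejection branch is now shared between invalid UTF-8 and a failed openvas_validate, and the visible lines do not show valid_utf8 being cleared; confirm it is set to 0 in this branch as the first hunk does explicitly, since the success branch no longer computes it.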
@@ -1804,7 +1817,7 @@
const gchar *alias_for;
param->valid = 1;
- param->valid_utf8 = g_utf8_validate (param->value, -1, NULL);
+ param->valid_utf8 = 1;
alias_for = openvas_validator_alias_for (validator, name);
if ((param->value && (strcmp ((gchar*) name, "number") == 0))
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits