author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-09-12 01:25:35 +0000 |
---|---|---|
committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2006-09-12 01:25:35 +0000 |
commit | e61f4561cb5a40df738eb5557f54bc0ffeee8e38 (patch) | |
tree | 8c1878864cc4946195d253fbfbeaa901e1ea5159 | |
parent | 898bc67a14d44c885742fb697162ae7169f6076d (diff) |
cleaning up login.pl, fixing serious traversal bug, whitelisting $form{path} to one of two options, same for $form{terminal}, removing references to HTTP_USER_AGENT
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@69 4979c152-3d1c-0410-bac9-87ea11338e46
-rwxr-xr-x | admin.pl | 67 | ||||
-rwxr-xr-x | login.pl | 69 |
2 files changed, 40 insertions, 96 deletions
@@ -26,7 +26,6 @@
 # Web: http://sourceforge.net/projects/ledger-smb/
 #
 # Contributors:
-# Portions Copyright (C) Dieter Simader 2001
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -63,17 +62,16 @@ $| = 1; eval { require "ledger-smb.conf"; }; - if ($ENV{CONTENT_LENGTH}) { - read(STDIN, $_, $ENV{CONTENT_LENGTH}); + read(STDIN, $_, $ENV{CONTENT_LENGTH}); } if ($ENV{QUERY_STRING}) { - $_ = $ENV{QUERY_STRING}; + $_ = $ENV{QUERY_STRING}; } if ($ARGV[0]) { - $_ = $ARGV[0]; + $_ = $ARGV[0]; } 
@@ -89,57 +87,32 @@ $script = substr($0, $pos + 1); if (-e "$userspath/nologin" && $script ne 'admin.pl') { - print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT}; - print "\nLogin disabled!\n"; - exit; + print "Content-Type: text/html\n\n<html><body><strong>"; + print "\nLogin disabled!\n"; + print "\n</strong></body></html>"; + exit; } if ($form{path}) { - $form{path} =~ s/%2f/\//gi; - $form{path} =~ s/\.\.\///g; - if ($form{path} !~ /^bin\//) { - print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT}; - print "\nInvalid path!\n"; - exit; - } + if ($form{path} ne 'bin/lynx'){ $form{path} = 'bin/mozilla';} + $ARGV[0] = "$_&script=$script"; + require "$form{path}/$script"; - $ARGV[0] = "$_&script=$script"; - require "$form{path}/$script"; } else { - if (!$form{terminal}) { - if ($ENV{HTTP_USER_AGENT}) { - # web browser - $form{terminal} = "lynx"; - if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) { - $form{terminal} = "mozilla"; - } - } else { - if ($ENV{TERM} =~ /xterm/) { - $form{terminal} = "xterm"; - } - if ($ENV{TERM} =~ /(console|linux|vt.*)/i) { - $form{terminal} = "console"; - } - } - } - - - if ($form{terminal}) { - - $ARGV[0] = "path=bin/$form{terminal}&script=$script"; - map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form; - - require "bin/$form{terminal}/$script"; - - } else { - - print "Content-Type: text/html\n\n" if $ENV{HTTP_USER_AGENT}; - print qq|\nUnknown terminal\n|; - } + $form{terminal} = "lynx"; + + if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) { + $form{terminal} = "mozilla"; + } + + $ARGV[0] = "path=bin/$form{terminal}&script=$script"; + map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form; + + require "bin/$form{terminal}/$script"; } @@ -62,17 +62,16 @@ $| = 1; eval { require "ledger-smb.conf"; }; - if ($ENV{CONTENT_LENGTH}) { - read(STDIN, $_, $ENV{CONTENT_LENGTH}); + read(STDIN, $_, $ENV{CONTENT_LENGTH}); } if ($ENV{QUERY_STRING}) { - $_ = $ENV{QUERY_STRING}; + $_ = $ENV{QUERY_STRING}; } if ($ARGV[0]) { - $_ = $ARGV[0]; + $_ = $ARGV[0]; } 
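Review bot: The whitelisted `$form{path}` is not what gets forwarded: in the `if ($form{path})` branch `$ARGV[0] = "$_&script=$script";` is built from the raw input `$_`, so the caller's original `path` value, not `bin/lynx`/`bin/mozilla`, is what the required script sees if it re-parses `$ARGV[0]` (that code is outside this hunk, so I am inferring its behaviour). The whitelist therefore only protects this one `require`, while the `else` branch already takes the safer route of serialising `%form`. Mirror that after the whitelist assignment, e.g. `$ARGV[0] = "script=$script"; map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form;`, so the sanitised value is the one passed on; the parsing of `$_` into `%form` happens above this hunk and is not visible here. The login.pl hunk `@@ -88,60 +87,32 @@` has the identical construction and needs the same change.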
@@ -88,60 +87,32 @@ $script = substr($0, $pos + 1); if (-e "$userspath/nologin" && $script ne 'admin.pl') { - print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT}; - print "\nLogin disabled!\n"; - print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT}; - exit; + print "Content-Type: text/html\n\n<html><body><strong>"; + print "\nLogin disabled!\n"; + print "\n</strong></body></html>"; + exit; } if ($form{path}) { - $form{path} =~ s/%2f/\//gi; - $form{path} =~ s/\.\.\///g; - if ($form{path} !~ /^bin\//) { - print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT}; - print "\nInvalid path!\n"; - print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT}; - exit; - } + if ($form{path} ne 'bin/lynx'){ $form{path} = 'bin/mozilla';} + $ARGV[0] = "$_&script=$script"; + require "$form{path}/$script"; - $ARGV[0] = "$_&script=$script"; - require "$form{path}/$script"; } else { - if (!$form{terminal}) { - if ($ENV{HTTP_USER_AGENT}) { - # web browser - $form{terminal} = "lynx"; - if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) { - $form{terminal} = "mozilla"; - } - } else { - if ($ENV{TERM} =~ /xterm/) { - $form{terminal} = "xterm"; - } - if ($ENV{TERM} =~ /(console|linux|vt.*)/i) { - $form{terminal} = "console"; - } - } - } - - - if ($form{terminal}) { - - $ARGV[0] = "path=bin/$form{terminal}&script=$script"; - map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form; - - require "bin/$form{terminal}/$script"; - - } else { - - print "Content-Type: text/html\n\n<html><body><strong>" if $ENV{HTTP_USER_AGENT}; - print qq|\nUnknown terminal\n|; - print "\n</strong></body></html>" if $ENV{HTTP_USER_AGENT}; - } + $form{terminal} = "lynx"; + + if ($ENV{HTTP_USER_AGENT} !~ /lynx/i) { + $form{terminal} = "mozilla"; + } + + $ARGV[0] = "path=bin/$form{terminal}&script=$script"; + map { $ARGV[0] .= "&${_}=$form{$_}" } keys %form; + + require "bin/$form{terminal}/$script"; } |
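Review bot: The new `else` branch still keys terminal selection off `$ENV{HTTP_USER_AGENT}` even though the commit message says references to it were removed; when the script is invoked outside a web server that variable is unset, the old `$ENV{TERM}` fallback is gone, and `!~ /lynx/i` on an undefined value silently (noisily, if warnings are enabled) lands on `mozilla`. If that is the intended behaviour, document it with `# non-CGI invocation has no HTTP_USER_AGENT and therefore gets bin/mozilla` above the `if`; otherwise make the intent explicit with `if (($ENV{HTTP_USER_AGENT} || '') !~ /lynx/i) {`. The admin.pl hunk `@@ -89,57 +87,32 @@` contains the same branch.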