Skip to content

Commit

Permalink
Security fixes for SA46551,
Browse files Browse the repository at this point in the history
phpLDAPadmin Cross-Site Scripting and Code Injection Vulnerabilities
  • Loading branch information
jasperla committed Oct 25, 2011
1 parent c6aad95 commit 25fc3d4
Showing 3 changed files with 43 additions and 2 deletions.
4 changes: 2 additions & 2 deletions www/phpldapadmin/Makefile
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# $OpenBSD: Makefile,v 1.29 2011/10/06 07:54:49 ajacoutot Exp $
# $OpenBSD: Makefile,v 1.30 2011/10/25 19:07:56 jasper Exp $

COMMENT= web-based LDAP browser to manage LDAP servers

VERSION= 1.2.1.1
DISTNAME= phpldapadmin-${VERSION}
CATEGORIES= www
HOMEPAGE= http://phpldapadmin.sourceforge.net/
REVISION= 0
REVISION= 1

# GPLv2
PERMIT_PACKAGE_CDROM= Yes
20 changes: 20 additions & 0 deletions www/phpldapadmin/patches/patch-htdocs_cmd_php
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
$OpenBSD: patch-htdocs_cmd_php,v 1.2 2011/10/25 19:07:56 jasper Exp $

From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
From: Deon George <[email protected]>
Date: Wed, 27 Jul 2011 07:30:06 +1000
Subject: [PATCH] Remove XSS vulnerabilty in debug code

--- htdocs/cmd.php.orig Tue Oct 25 21:06:17 2011
+++ htdocs/cmd.php Tue Oct 25 21:06:32 2011
@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
ob_start();

switch ($www['cmd']) {
- case '_debug':
- debug_dump($_REQUEST,1);
- break;
-
default:
if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
21 changes: 21 additions & 0 deletions www/phpldapadmin/patches/patch-lib_functions_php
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
$OpenBSD: patch-lib_functions_php,v 1.1 2011/10/25 19:07:56 jasper Exp $

From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
From: Deon George <[email protected]>
Date: Thu, 6 Oct 2011 09:03:20 +1100
Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability

--- lib/functions.php.orig Tue Oct 25 21:05:21 2011
+++ lib/functions.php Tue Oct 25 21:05:31 2011
@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);

- # if the array to sort is null or empty
- if (! $data) return;
+ # if the array to sort is null or empty, or if we have some nasty chars
+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
+ return;

static $CACHE = array();

0 comments on commit 25fc3d4

Please sign in to comment.