The branch, master has been updated via d53c913ca59d60ccdfde1b82374aef838866b421 (commit) from d72b7889452110783c838a80cdd2904cb4b5aa91 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d53c913ca59d60ccdfde1b82374aef838866b421 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Dec 30 03:05:41 2013 +0100 Sanitize session ID, port numbers, display number and PID number before writing it to the session DB. ----------------------------------------------------------------------- Summary of changes: X2Go/Server/DB/PostgreSQL.pm | 28 ++++++++- X2Go/Server/DB/SQLite3.pm | 64 ++++++++++++++------ debian/changelog | 2 + .../lib/libx2go-server-db-sqlite3-wrapper.pl | 2 +- 4 files changed, 75 insertions(+), 21 deletions(-) The diff of changes is: diff --git a/X2Go/Server/DB/PostgreSQL.pm b/X2Go/Server/DB/PostgreSQL.pm index 6e94ef1..772bfe6 100644 --- a/X2Go/Server/DB/PostgreSQL.pm +++ b/X2Go/Server/DB/PostgreSQL.pm @@ -37,6 +37,7 @@ use Sys::Syslog qw( :standard :macros ); use X2Go::Log qw( loglevel ); use X2Go::Config qw( get_sqlconfig ); +use X2Go::Utils qw( sanitizer ); setlogmask( LOG_UPTO(loglevel()) ); @@ -178,6 +179,7 @@ sub dbsys_getmounts { init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my @mounts; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'"); @@ -197,6 +199,7 @@ sub db_getmounts { init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my @mounts; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'"); @@ -216,6 +219,7 @@ sub db_deletemount { init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'"); @@ -228,6 +232,7 @@ sub db_insertmount { init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; my $res_ok=0; @@ -247,8 +252,10 @@ sub db_insertsession { init_db(); my $display=shift or die "argument \"display\" missed"; + $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')"); $sth->execute()or die $_; @@ -260,8 +267,10 @@ sub db_insertshadowsession { init_db(); my $display=shift or die "argument \"display\" missed"; + $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user=shift or die "argument \"shadreq_user\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$shadreq_user','$sid')"); @@ -275,11 +284,16 @@ sub db_createsession init_db(); my $cookie=shift or die"argument \"cookie\" missed"; my $pid=shift or die"argument \"pid\" missed"; + $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed"; my $client=shift or die"argument \"client\" missed"; my $gr_port=shift or die"argument \"gr_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die"argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die"argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set status='R',last_time=now(), cookie='$cookie',agent_pid='$pid',client='$client',gr_port='$gr_port', @@ -294,6 +308,7 @@ sub db_insertport init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')"); @@ -307,6 +322,7 @@ sub db_rmport init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from used_ports where server='$server' and session_id='$sid' and port='$sshport'"); @@ -320,12 +336,16 @@ sub db_resume init_db(); my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; - my $sound_port=shift or die "argument \"sound_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; + my $snd_port=shift or die "argument \"sound_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die "argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='R',client='$client',gr_port='$gr_port', - sound_port='$sound_port',fs_port='$fs_port' where session_id = '$sid'"); + sound_port='$snd_port',fs_port='$fs_port' where session_id = '$sid'"); $sth->execute()or die; $sth->finish(); $dbh->disconnect(); @@ -336,6 +356,7 @@ sub db_changestatus init_db(); my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'"); $sth->execute()or die; @@ -347,6 +368,7 @@ sub db_getstatus { init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $status=''; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'"); @@ -424,6 +446,7 @@ sub db_getagent init_db(); my $agent; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select agent_pid from sessions_view where session_id ='$sid'"); @@ -444,6 +467,7 @@ sub db_getdisplay init_db(); my $display; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select display from sessions_view where session_id ='$sid'"); diff --git a/X2Go/Server/DB/SQLite3.pm b/X2Go/Server/DB/SQLite3.pm index 9a0ce2a..2894bfa 100644 --- a/X2Go/Server/DB/SQLite3.pm +++ b/X2Go/Server/DB/SQLite3.pm @@ -42,6 +42,7 @@ use POSIX; use Sys::Syslog qw( :standard :macros ); use X2Go::Log qw( loglevel ); +use X2Go::Utils qw( sanitizer ); openlog($0,'cons,pid','user'); setlogmask( LOG_UPTO(loglevel()) ); @@ -131,10 +132,27 @@ sub dbsys_listsessionsroot_all return @sessions; } +sub dbsys_deletemounts +{ + my $dbh = init_db(); + my $sid=shift or die "argument \"session_id\" missed"; + check_user($sid); + my $sth=$dbh->prepare("delete from mounts where session_id=?"); + $sth->execute($sid); + if ($sth->err()) + { + syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()"); + die(); + } + $sth->finish(); + $dbh->disconnect(); +} + sub db_getmounts { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my @strings; my $sth=$dbh->prepare("select client, path from mounts where session_id=?"); @@ -154,6 +172,7 @@ sub db_deletemount { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; check_user($sid); my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?"); @@ -167,26 +186,11 @@ sub db_deletemount $dbh->disconnect(); } -sub db_deletemounts -{ - my $dbh = init_db(); - my $sid=shift or die "argument \"session_id\" missed"; - check_user($sid); - my $sth=$dbh->prepare("delete from mounts where session_id=?"); - $sth->execute($sid); - if ($sth->err()) - { - syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()"); - die(); - } - $sth->finish(); - $dbh->disconnect(); -} - sub db_insertmount { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; check_user($sid); @@ -208,8 +212,10 @@ sub db_insertsession { my $dbh = init_db(); my $display=shift or die "argument \"display\" missed"; + $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))"); @@ -223,8 +229,10 @@ sub db_insertshadowsession { my $dbh = init_db(); my $display=shift or die "argument \"display\" missed"; + $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user = shift or die "argument \"shadreq_user\" missed"; my $fake_sid = $sid; $fake_sid =~ s/$shadreq_user-/$realuser-/; @@ -242,11 +250,16 @@ sub db_createsession my $dbh = init_db(); my $cookie=shift or die"argument \"cookie\" missed"; my $pid=shift or die"argument \"pid\" missed"; + $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed"; my $client=shift or die"argument \"client\" missed"; my $gr_port=shift or die"argument \"gr_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die"argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die"argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?, client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?"); @@ -266,11 +279,16 @@ sub db_createshadowsession my $dbh = init_db(); my $cookie=shift or die"argument \"cookie\" missed"; my $pid=shift or die"argument \"pid\" missed"; + $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed"; my $client=shift or die"argument \"client\" missed"; my $gr_port=shift or die"argument \"gr_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die"argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die"argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user = shift or die "argument \"shadreq_user\" missed"; my $fake_sid = $sid; $fake_sid =~ s/^$shadreq_user-/$realuser-/; @@ -293,6 +311,7 @@ sub db_insertport my $dbh = init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)"); check_user($sid); @@ -311,6 +330,7 @@ sub db_rmport my $dbh = init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?"); check_user($sid); @@ -328,13 +348,17 @@ sub db_resume my $dbh = init_db(); my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; - my $sound_port=shift or die "argument \"sound_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; + my $snd_port=shift or die "argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die "argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R', client=?,gr_port=?,sound_port=?,fs_port=? where session_id = ? and uname=?"); - $sth->execute($client, $gr_port, $sound_port, $fs_port, $sid, $realuser); + $sth->execute($client, $gr_port, $snd_port, $fs_port, $sid, $realuser); if ($sth->err()) { syslog('error', "resume (SQLite3 session db backend) failed with exitcode: $sth->err()"); @@ -349,6 +373,7 @@ sub db_changestatus my $dbh = init_db(); my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'), status=? where session_id = ? and uname=?"); @@ -366,6 +391,7 @@ sub db_getstatus { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("select status from sessions where session_id = ?"); $sth->execute($sid); @@ -458,6 +484,7 @@ sub db_getagent { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $agent; check_user($sid); my $sth=$dbh->prepare("select agent_pid from sessions @@ -483,6 +510,7 @@ sub db_getdisplay { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $display; check_user($sid); my $sth=$dbh->prepare("select display from sessions diff --git a/debian/changelog b/debian/changelog index 5db2ff6..a7c7f1d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -44,6 +44,8 @@ x2goserver (4.1.0.0-0x2go1) UNRELEASED; urgency=low Move duplicate code into that new Perl package. - Security audit of complete code tree, avoid one-argument system calls where possible, avoid backticks, use more quotes in shell scripts. + - Sanitize session ID, port numbers, display number and PID number before + writing it to the session DB. * debian/control: + Package X2Go::Log in separate package: libx2go-log-perl. + Package X2Go::Server::DB in separate package: libx2go-server-db-perl. diff --git a/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl b/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl index 3d16fd5..b89cde3 100755 --- a/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl +++ b/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl @@ -56,7 +56,7 @@ switch ($cmd) { case /.*listsessions.*root/ { @result_list = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") } case /.*(list.*sessions|getmounts).*/ { @result_list = eval("X2Go::Server::DB::SQLite3::db_$cmd(\@ARGV)") } - case /.*root/ { $result = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") } + case /.*(root|deletemounts)/ { $result = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") } else { $result = eval("X2Go::Server::DB::SQLite3::db_$cmd(\@ARGV)") } } hooks/post-receive -- x2goserver.git (X2Go Server) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goserver.git" (X2Go Server).