The branch, build-main has been updated via 331ef6329eb1567a037bfc111465dfc5f0ae6497 (commit) from 18bd2f09f6f2ee909068bb50490755b713110f2b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 331ef6329eb1567a037bfc111465dfc5f0ae6497 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Dec 30 15:05:35 2013 +0100 Sanitize session ID string, port numbers, display numbers and agent PID numbers. ----------------------------------------------------------------------- Summary of changes: debian/changelog | 2 ++ x2goserver/lib/x2godbwrapper.pm | 58 ++++++++++++++++++++---------- x2goserver/lib/x2gosqlitewrapper.pl | 68 ++++++++++++++++++++++++++++------- x2goserver/lib/x2goutils.pm | 24 +++++++++++++ 4 files changed, 121 insertions(+), 31 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index db634e2..ff70b68 100644 --- a/debian/changelog +++ b/debian/changelog @@ -177,6 +177,8 @@ x2goserver (4.0.0.8-0x2go1) UNRELEASED; urgency=low - Avoid one argument system calls and backticks in x2goprint. - Avoid backticks in x2goshowblocks, move script to <prefix>/sbin/ as it is for being run with root privileges. + - Sanitize session ID string, port numbers, display numbers and agent PID + numbers. -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 28 Nov 2013 16:14:32 +0100 diff --git a/x2goserver/lib/x2godbwrapper.pm b/x2goserver/lib/x2godbwrapper.pm index e6bcb48..259e567 100644 --- a/x2goserver/lib/x2godbwrapper.pm +++ b/x2goserver/lib/x2godbwrapper.pm @@ -29,7 +29,7 @@ use Sys::Syslog qw( :standard :macros ); my $x2go_lib_path = `x2gopath libexec`; use lib `x2gopath lib`; use x2gologlevel; - +use x2goutils; my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid(getuid()); @@ -112,20 +112,20 @@ sub dbsys_rmsessionsroot sub dbsys_deletemounts { - my $sid=shift or die "argument \"session_id\" missed"; - if ($backend eq 'postgres') - { - my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; - my $sth=$dbh->prepare("delete from mounts where session_id='$sid'"); - $sth->execute(); - $sth->finish(); - $dbh->disconnect(); - } - if ($backend eq 'sqlite') - { - `$x2go_lib_path/x2gosqlitewrapper deletemounts $sid`; - } - syslog('debug', "dbsys_deletemounts called, session ID: $sid"); + my $sid=shift or die "argument \"session_id\" missed"; + if ($backend eq 'postgres') + { + my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; + my $sth=$dbh->prepare("delete from mounts where session_id='$sid'"); + $sth->execute(); + $sth->finish(); + $dbh->disconnect(); + } + if ($backend eq 'sqlite') + { + `$x2go_lib_path/x2gosqlitewrapper deletemounts $sid`; + } + syslog('debug', "dbsys_deletemounts called, session ID: $sid"); } sub dbsys_listsessionsroot @@ -193,6 +193,7 @@ sub dbsys_getmounts my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my @strings; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'"); @@ -222,6 +223,7 @@ sub db_getmounts my $sid=shift or die "argument \"session_id\" missed"; if($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my @strings; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'"); @@ -251,6 +253,7 @@ sub db_deletemount my $path=shift or die "argument \"path\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'"); $sth->execute(); @@ -272,6 +275,7 @@ sub db_insertmount my $res_ok=0; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values ('$sid','$path','$client')"); $sth->execute(); @@ -300,6 +304,8 @@ sub db_insertsession my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $display = x2goutils::sanitizer('num', $display) or die "argument \"display\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')"); $sth->execute()or die $_; @@ -328,6 +334,11 @@ sub db_createsession my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $pid = x2goutils::sanitizer('num', $pid) or die "argument \"pid\" malformed"; + $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; + $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; + $fs_port = x2goutils::sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set status='R',last_time=now(), cookie='$cookie',agent_pid='$pid',client='$client',gr_port='$gr_port', @@ -354,6 +365,7 @@ sub db_insertport my $sshport=shift or die "argument \"port\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')"); $sth->execute()or die; @@ -392,22 +404,26 @@ sub db_resume my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; my $gr_port=shift or die "argument \"gr_port\" missed"; - my $sound_port=shift or die "argument \"sound_port\" missed"; + my $snd_port=shift or die "argument \"snd_port\" missed"; my $fs_port=shift or die "argument \"fs_port\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; + $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; + $fs_port = x2goutils::sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='R',client='$client',gr_port='$gr_port', - sound_port='$sound_port',fs_port='$fs_port' where session_id = '$sid'"); + sound_port='$snd_port',fs_port='$fs_port' where session_id = '$sid'"); $sth->execute()or die; $sth->finish(); $dbh->disconnect(); } if ($backend eq 'sqlite') { - `$x2go_lib_path/x2gosqlitewrapper resume $client $sid $gr_port $sound_port $fs_port`; + `$x2go_lib_path/x2gosqlitewrapper resume $client $sid $gr_port $snd_port $fs_port`; } - syslog('debug', "db_resume called, session ID: $sid, client: $client, gr_port: $gr_port, sound_port: $sound_port, fs_port: $fs_port"); + syslog('debug', "db_resume called, session ID: $sid, client: $client, gr_port: $gr_port, sound_port: $snd_port, fs_port: $fs_port"); } sub db_changestatus @@ -416,6 +432,7 @@ sub db_changestatus my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'"); $sth->execute()or die; @@ -435,6 +452,7 @@ sub db_getstatus my $status=''; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'"); $sth->execute($sid) or die; @@ -548,6 +566,7 @@ sub db_getagent my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select agent_pid from sessions_view where session_id ='$sid'"); @@ -575,6 +594,7 @@ sub db_getdisplay my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { + $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select display from sessions_view where session_id ='$sid'"); diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl index f47fdec..48278fa 100755 --- a/x2goserver/lib/x2gosqlitewrapper.pl +++ b/x2goserver/lib/x2gosqlitewrapper.pl @@ -50,6 +50,29 @@ elsif ( $strloglevel eq "info" ) { $loglevel = LOG_INFO; } elsif ( $strloglevel eq "debug" ) { $loglevel = LOG_DEBUG; } setlogmask( LOG_UPTO($loglevel) ); +# same applies for the sanitizer code shipped in x2goutils.pm +sub sanitizer { + my $type = $_[0]; + my $string = $_[1]; + if ($type eq "num") { + $string =~ s/\D//g; + if ($string =~ /^([0-9]*)$/) { + $string = $1; + return $string; + } else {return 0;} + } elsif ($type eq "anumazcsdaus") { + $string =~ s/[^a-zA-Z0-9\_\-]//g; + if ($string =~ /^([a-zA-Z0-9\_\-]*)$/) { + $string = $1; + return $string; + } else {return 0;} + } elsif ($type eq "SOMETHINGELSE") { + return 0; + } else { + return 0; + } +} + #### #### end of duplicated syslogging code #### @@ -126,6 +149,7 @@ elsif($cmd eq "listsessionsroot_all") elsif($cmd eq "getmounts") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my @strings; my $sth=$dbh->prepare("select client, path from mounts where session_id=?"); @@ -141,6 +165,7 @@ elsif($cmd eq "getmounts") elsif($cmd eq "deletemount") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; check_user($sid); my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?"); @@ -155,21 +180,23 @@ elsif($cmd eq "deletemount") elsif($cmd eq "deletemounts") { - my $sid=shift or die "argument \"session_id\" missed"; - check_user($sid); - my $sth=$dbh->prepare("delete from mounts where session_id=?"); - $sth->execute($sid); - if ($sth->err()) - { - syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()"); - die(); - } - $sth->finish(); + my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + check_user($sid); + my $sth=$dbh->prepare("delete from mounts where session_id=?"); + $sth->execute($sid); + if ($sth->err()) + { + syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()"); + die(); + } + $sth->finish(); } elsif($cmd eq "insertmount") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; check_user($sid); @@ -187,8 +214,10 @@ elsif($cmd eq "insertmount") elsif($cmd eq "insertsession") { my $display=shift or die "argument \"display\" missed"; + $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))"); @@ -201,11 +230,16 @@ elsif($cmd eq "createsession") { my $cookie=shift or die"argument \"cookie\" missed"; my $pid=shift or die"argument \"pid\" missed"; + $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed"; my $client=shift or die"argument \"client\" missed"; my $gr_port=shift or die"argument \"gr_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die"argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die"argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?, client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?"); @@ -223,6 +257,7 @@ elsif($cmd eq "insertport") { my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)"); check_user($sid); @@ -239,6 +274,7 @@ elsif($cmd eq "rmport") { my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?"); check_user($sid); @@ -254,13 +290,17 @@ elsif($cmd eq "resume") { my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; - my $sound_port=shift or die "argument \"sound_port\" missed"; + $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; + my $snd_port=shift or die "argument \"snd_port\" missed"; + $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; my $fs_port=shift or die "argument \"fs_port\" missed"; + $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R', client=?,gr_port=?,sound_port=?,fs_port=? where session_id = ? and uname=?"); - $sth->execute($client, $gr_port, $sound_port, $fs_port, $sid, $realuser); + $sth->execute($client, $gr_port, $snd_port, $fs_port, $sid, $realuser); if ($sth->err()) { syslog('error', "resume (SQLite3 session db backend) failed with exitcode: $sth->err()"); @@ -273,6 +313,7 @@ elsif($cmd eq "changestatus") { my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'), status=? where session_id = ? and uname=?"); @@ -288,6 +329,7 @@ elsif($cmd eq "changestatus") elsif($cmd eq "getstatus") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("select status from sessions where session_id = ?"); $sth->execute($sid); @@ -373,6 +415,7 @@ elsif($cmd eq "getservers") elsif($cmd eq "getagent") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $agent; check_user($sid); my $sth=$dbh->prepare("select agent_pid from sessions @@ -396,6 +439,7 @@ elsif($cmd eq "getagent") elsif($cmd eq "getdisplay") { my $sid=shift or die "argument \"session_id\" missed"; + $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; my $display; check_user($sid); my $sth=$dbh->prepare("select display from sessions diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm index 649241a..05aa460 100644 --- a/x2goserver/lib/x2goutils.pm +++ b/x2goserver/lib/x2goutils.pm @@ -28,6 +28,30 @@ use base 'Exporter'; our @EXPORT = ( 'system_capture_merged_output' ); +# same applies for the sanitizer code shipped in x2goutils.pm +sub sanitizer { + my $type = $_[0]; + my $string = $_[1]; + if ($type eq "num") { + $string =~ s/\D//g; + if ($string =~ /^([0-9]*)$/) { + $string = $1; + return $string; + } else {return 0;} + } elsif ($type eq "anumazcsdaus") { + $string =~ s/[^a-zA-Z0-9\_\-]//g; + if ($string =~ /^([a-zA-Z0-9\_\-]*)$/) { + $string = $1; + return $string; + } else {return 0;} + } elsif ($type eq "SOMETHINGELSE") { + return 0; + } else { + return 0; + } +} + + sub system_capture_merged_output { my $cmd = shift; my @args = @_; hooks/post-receive -- x2goserver.git (X2Go Server) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goserver.git" (X2Go Server).