[X2Go-Commits] x2goserver.git - build-main (branch) updated: 4.0.1.9-39-g331ef63
X2Go dev team
git-admin at x2go.org
Fri Jan 3 17:57:49 CET 2014
The branch, build-main has been updated
via 331ef6329eb1567a037bfc111465dfc5f0ae6497 (commit)
from 18bd2f09f6f2ee909068bb50490755b713110f2b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 331ef6329eb1567a037bfc111465dfc5f0ae6497
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Dec 30 15:05:35 2013 +0100
Sanitize session ID string, port numbers, display numbers and agent PID numbers.
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 2 ++
x2goserver/lib/x2godbwrapper.pm | 58 ++++++++++++++++++++----------
x2goserver/lib/x2gosqlitewrapper.pl | 68 ++++++++++++++++++++++++++++-------
x2goserver/lib/x2goutils.pm | 24 +++++++++++++
4 files changed, 121 insertions(+), 31 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index db634e2..ff70b68 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -177,6 +177,8 @@ x2goserver (4.0.0.8-0x2go1) UNRELEASED; urgency=low
- Avoid one argument system calls and backticks in x2goprint.
- Avoid backticks in x2goshowblocks, move script to <prefix>/sbin/ as it is
for being run with root privileges.
+ - Sanitize session ID string, port numbers, display numbers and agent PID
+ numbers.
-- Mike Gabriel <mike.gabriel at das-netzwerkteam.de> Thu, 28 Nov 2013 16:14:32 +0100
diff --git a/x2goserver/lib/x2godbwrapper.pm b/x2goserver/lib/x2godbwrapper.pm
index e6bcb48..259e567 100644
--- a/x2goserver/lib/x2godbwrapper.pm
+++ b/x2goserver/lib/x2godbwrapper.pm
@@ -29,7 +29,7 @@ use Sys::Syslog qw( :standard :macros );
my $x2go_lib_path = `x2gopath libexec`;
use lib `x2gopath lib`;
use x2gologlevel;
-
+use x2goutils;
my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid(getuid());
@@ -112,20 +112,20 @@ sub dbsys_rmsessionsroot
sub dbsys_deletemounts
{
- my $sid=shift or die "argument \"session_id\" missed";
- if ($backend eq 'postgres')
- {
- my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
- my $sth=$dbh->prepare("delete from mounts where session_id='$sid'");
- $sth->execute();
- $sth->finish();
- $dbh->disconnect();
- }
- if ($backend eq 'sqlite')
- {
- `$x2go_lib_path/x2gosqlitewrapper deletemounts $sid`;
- }
- syslog('debug', "dbsys_deletemounts called, session ID: $sid");
+ my $sid=shift or die "argument \"session_id\" missed";
+ if ($backend eq 'postgres')
+ {
+ my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
+ my $sth=$dbh->prepare("delete from mounts where session_id='$sid'");
+ $sth->execute();
+ $sth->finish();
+ $dbh->disconnect();
+ }
+ if ($backend eq 'sqlite')
+ {
+ `$x2go_lib_path/x2gosqlitewrapper deletemounts $sid`;
+ }
+ syslog('debug', "dbsys_deletemounts called, session ID: $sid");
}
sub dbsys_listsessionsroot
@@ -193,6 +193,7 @@ sub dbsys_getmounts
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my @strings;
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'");
@@ -222,6 +223,7 @@ sub db_getmounts
my $sid=shift or die "argument \"session_id\" missed";
if($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my @strings;
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'");
@@ -251,6 +253,7 @@ sub db_deletemount
my $path=shift or die "argument \"path\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'");
$sth->execute();
@@ -272,6 +275,7 @@ sub db_insertmount
my $res_ok=0;
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values ('$sid','$path','$client')");
$sth->execute();
@@ -300,6 +304,8 @@ sub db_insertsession
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
+ $display = x2goutils::sanitizer('num', $display) or die "argument \"display\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')");
$sth->execute()or die $_;
@@ -328,6 +334,11 @@ sub db_createsession
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
+ $pid = x2goutils::sanitizer('num', $pid) or die "argument \"pid\" malformed";
+ $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
+ $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
+ $fs_port = x2goutils::sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set status='R',last_time=now(),
cookie='$cookie',agent_pid='$pid',client='$client',gr_port='$gr_port',
@@ -354,6 +365,7 @@ sub db_insertport
my $sshport=shift or die "argument \"port\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')");
$sth->execute()or die;
@@ -392,22 +404,26 @@ sub db_resume
my $client=shift or die "argument \"client\" missed";
my $sid=shift or die "argument \"session_id\" missed";
my $gr_port=shift or die "argument \"gr_port\" missed";
- my $sound_port=shift or die "argument \"sound_port\" missed";
+ my $snd_port=shift or die "argument \"snd_port\" missed";
my $fs_port=shift or die "argument \"fs_port\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
+ $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
+ $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
+ $fs_port = x2goutils::sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='R',client='$client',gr_port='$gr_port',
- sound_port='$sound_port',fs_port='$fs_port' where session_id = '$sid'");
+ sound_port='$snd_port',fs_port='$fs_port' where session_id = '$sid'");
$sth->execute()or die;
$sth->finish();
$dbh->disconnect();
}
if ($backend eq 'sqlite')
{
- `$x2go_lib_path/x2gosqlitewrapper resume $client $sid $gr_port $sound_port $fs_port`;
+ `$x2go_lib_path/x2gosqlitewrapper resume $client $sid $gr_port $snd_port $fs_port`;
}
- syslog('debug', "db_resume called, session ID: $sid, client: $client, gr_port: $gr_port, sound_port: $sound_port, fs_port: $fs_port");
+ syslog('debug', "db_resume called, session ID: $sid, client: $client, gr_port: $gr_port, sound_port: $snd_port, fs_port: $fs_port");
}
sub db_changestatus
@@ -416,6 +432,7 @@ sub db_changestatus
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'");
$sth->execute()or die;
@@ -435,6 +452,7 @@ sub db_getstatus
my $status='';
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'");
$sth->execute($sid) or die;
@@ -548,6 +566,7 @@ sub db_getagent
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select agent_pid from sessions_view
where session_id ='$sid'");
@@ -575,6 +594,7 @@ sub db_getdisplay
my $sid=shift or die "argument \"session_id\" missed";
if ($backend eq 'postgres')
{
+ $sid = x2goutils::sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select display from sessions_view
where session_id ='$sid'");
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index f47fdec..48278fa 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -50,6 +50,29 @@ elsif ( $strloglevel eq "info" ) { $loglevel = LOG_INFO; }
elsif ( $strloglevel eq "debug" ) { $loglevel = LOG_DEBUG; }
setlogmask( LOG_UPTO($loglevel) );
+# same applies for the sanitizer code shipped in x2goutils.pm
+sub sanitizer {
+ my $type = $_[0];
+ my $string = $_[1];
+ if ($type eq "num") {
+ $string =~ s/\D//g;
+ if ($string =~ /^([0-9]*)$/) {
+ $string = $1;
+ return $string;
+ } else {return 0;}
+ } elsif ($type eq "anumazcsdaus") {
+ $string =~ s/[^a-zA-Z0-9\_\-]//g;
+ if ($string =~ /^([a-zA-Z0-9\_\-]*)$/) {
+ $string = $1;
+ return $string;
+ } else {return 0;}
+ } elsif ($type eq "SOMETHINGELSE") {
+ return 0;
+ } else {
+ return 0;
+ }
+}
+
####
#### end of duplicated syslogging code
####
@@ -126,6 +149,7 @@ elsif($cmd eq "listsessionsroot_all")
elsif($cmd eq "getmounts")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my @strings;
my $sth=$dbh->prepare("select client, path from mounts where session_id=?");
@@ -141,6 +165,7 @@ elsif($cmd eq "getmounts")
elsif($cmd eq "deletemount")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
check_user($sid);
my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?");
@@ -155,21 +180,23 @@ elsif($cmd eq "deletemount")
elsif($cmd eq "deletemounts")
{
- my $sid=shift or die "argument \"session_id\" missed";
- check_user($sid);
- my $sth=$dbh->prepare("delete from mounts where session_id=?");
- $sth->execute($sid);
- if ($sth->err())
- {
- syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()");
- die();
- }
- $sth->finish();
+ my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
+ check_user($sid);
+ my $sth=$dbh->prepare("delete from mounts where session_id=?");
+ $sth->execute($sid);
+ if ($sth->err())
+ {
+ syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()");
+ die();
+ }
+ $sth->finish();
}
elsif($cmd eq "insertmount")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
my $client=shift or die "argument \"client\" missed";
check_user($sid);
@@ -187,8 +214,10 @@ elsif($cmd eq "insertmount")
elsif($cmd eq "insertsession")
{
my $display=shift or die "argument \"display\" missed";
+ $display = sanitizer('num', $display) or die "argument \"display\" malformed";
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values
(?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))");
@@ -201,11 +230,16 @@ elsif($cmd eq "createsession")
{
my $cookie=shift or die"argument \"cookie\" missed";
my $pid=shift or die"argument \"pid\" missed";
+ $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed";
my $client=shift or die"argument \"client\" missed";
my $gr_port=shift or die"argument \"gr_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
my $snd_port=shift or die"argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die"argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?,
client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?");
@@ -223,6 +257,7 @@ elsif($cmd eq "insertport")
{
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)");
check_user($sid);
@@ -239,6 +274,7 @@ elsif($cmd eq "rmport")
{
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?");
check_user($sid);
@@ -254,13 +290,17 @@ elsif($cmd eq "resume")
{
my $client=shift or die "argument \"client\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $gr_port=shift or die "argument \"gr_port\" missed";
- my $sound_port=shift or die "argument \"sound_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
+ my $snd_port=shift or die "argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die "argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R',
client=?,gr_port=?,sound_port=?,fs_port=? where session_id = ? and uname=?");
- $sth->execute($client, $gr_port, $sound_port, $fs_port, $sid, $realuser);
+ $sth->execute($client, $gr_port, $snd_port, $fs_port, $sid, $realuser);
if ($sth->err())
{
syslog('error', "resume (SQLite3 session db backend) failed with exitcode: $sth->err()");
@@ -273,6 +313,7 @@ elsif($cmd eq "changestatus")
{
my $status=shift or die "argument \"status\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),
status=? where session_id = ? and uname=?");
@@ -288,6 +329,7 @@ elsif($cmd eq "changestatus")
elsif($cmd eq "getstatus")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("select status from sessions where session_id = ?");
$sth->execute($sid);
@@ -373,6 +415,7 @@ elsif($cmd eq "getservers")
elsif($cmd eq "getagent")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $agent;
check_user($sid);
my $sth=$dbh->prepare("select agent_pid from sessions
@@ -396,6 +439,7 @@ elsif($cmd eq "getagent")
elsif($cmd eq "getdisplay")
{
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $display;
check_user($sid);
my $sth=$dbh->prepare("select display from sessions
diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm
index 649241a..05aa460 100644
--- a/x2goserver/lib/x2goutils.pm
+++ b/x2goserver/lib/x2goutils.pm
@@ -28,6 +28,30 @@ use base 'Exporter';
our @EXPORT = ( 'system_capture_merged_output' );
+# same applies for the sanitizer code shipped in x2goutils.pm
+sub sanitizer {
+ my $type = $_[0];
+ my $string = $_[1];
+ if ($type eq "num") {
+ $string =~ s/\D//g;
+ if ($string =~ /^([0-9]*)$/) {
+ $string = $1;
+ return $string;
+ } else {return 0;}
+ } elsif ($type eq "anumazcsdaus") {
+ $string =~ s/[^a-zA-Z0-9\_\-]//g;
+ if ($string =~ /^([a-zA-Z0-9\_\-]*)$/) {
+ $string = $1;
+ return $string;
+ } else {return 0;}
+ } elsif ($type eq "SOMETHINGELSE") {
+ return 0;
+ } else {
+ return 0;
+ }
+}
+
+
sub system_capture_merged_output {
my $cmd = shift;
my @args = @_;
hooks/post-receive
--
x2goserver.git (X2Go Server)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).
More information about the x2go-commits
mailing list