[X2Go-Commits] x2goserver.git - master (branch) updated: 3.1.1.3-328-gd53c913
X2Go dev team
git-admin at x2go.org
Fri Jan 3 18:00:36 CET 2014
The branch, master has been updated
via d53c913ca59d60ccdfde1b82374aef838866b421 (commit)
from d72b7889452110783c838a80cdd2904cb4b5aa91 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d53c913ca59d60ccdfde1b82374aef838866b421
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Dec 30 03:05:41 2013 +0100
Sanitize session ID, port numbers, display number and PID number before writing it to the session DB.
-----------------------------------------------------------------------
Summary of changes:
X2Go/Server/DB/PostgreSQL.pm | 28 ++++++++-
X2Go/Server/DB/SQLite3.pm | 64 ++++++++++++++------
debian/changelog | 2 +
.../lib/libx2go-server-db-sqlite3-wrapper.pl | 2 +-
4 files changed, 75 insertions(+), 21 deletions(-)
The diff of changes is:
diff --git a/X2Go/Server/DB/PostgreSQL.pm b/X2Go/Server/DB/PostgreSQL.pm
index 6e94ef1..772bfe6 100644
--- a/X2Go/Server/DB/PostgreSQL.pm
+++ b/X2Go/Server/DB/PostgreSQL.pm
@@ -37,6 +37,7 @@ use Sys::Syslog qw( :standard :macros );
use X2Go::Log qw( loglevel );
use X2Go::Config qw( get_sqlconfig );
+use X2Go::Utils qw( sanitizer );
setlogmask( LOG_UPTO(loglevel()) );
@@ -178,6 +179,7 @@ sub dbsys_getmounts
{
init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my @mounts;
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'");
@@ -197,6 +199,7 @@ sub db_getmounts
{
init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my @mounts;
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'");
@@ -216,6 +219,7 @@ sub db_deletemount
{
init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'");
@@ -228,6 +232,7 @@ sub db_insertmount
{
init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
my $client=shift or die "argument \"client\" missed";
my $res_ok=0;
@@ -247,8 +252,10 @@ sub db_insertsession
{
init_db();
my $display=shift or die "argument \"display\" missed";
+ $display = sanitizer('num', $display) or die "argument \"display\" malformed";
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')");
$sth->execute()or die $_;
@@ -260,8 +267,10 @@ sub db_insertshadowsession
{
init_db();
my $display=shift or die "argument \"display\" missed";
+ $display = sanitizer('num', $display) or die "argument \"display\" malformed";
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $shadreq_user=shift or die "argument \"shadreq_user\" missed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$shadreq_user','$sid')");
@@ -275,11 +284,16 @@ sub db_createsession
init_db();
my $cookie=shift or die"argument \"cookie\" missed";
my $pid=shift or die"argument \"pid\" missed";
+ $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed";
my $client=shift or die"argument \"client\" missed";
my $gr_port=shift or die"argument \"gr_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
my $snd_port=shift or die"argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die"argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set status='R',last_time=now(),
cookie='$cookie',agent_pid='$pid',client='$client',gr_port='$gr_port',
@@ -294,6 +308,7 @@ sub db_insertport
init_db();
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')");
@@ -307,6 +322,7 @@ sub db_rmport
init_db();
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("delete from used_ports where server='$server' and session_id='$sid' and port='$sshport'");
@@ -320,12 +336,16 @@ sub db_resume
init_db();
my $client=shift or die "argument \"client\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $gr_port=shift or die "argument \"gr_port\" missed";
- my $sound_port=shift or die "argument \"sound_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
+ my $snd_port=shift or die "argument \"sound_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die "argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='R',client='$client',gr_port='$gr_port',
- sound_port='$sound_port',fs_port='$fs_port' where session_id = '$sid'");
+ sound_port='$snd_port',fs_port='$fs_port' where session_id = '$sid'");
$sth->execute()or die;
$sth->finish();
$dbh->disconnect();
@@ -336,6 +356,7 @@ sub db_changestatus
init_db();
my $status=shift or die "argument \"status\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'");
$sth->execute()or die;
@@ -347,6 +368,7 @@ sub db_getstatus
{
init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $status='';
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'");
@@ -424,6 +446,7 @@ sub db_getagent
init_db();
my $agent;
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select agent_pid from sessions_view
where session_id ='$sid'");
@@ -444,6 +467,7 @@ sub db_getdisplay
init_db();
my $display;
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_;
my $sth=$dbh->prepare("select display from sessions_view
where session_id ='$sid'");
diff --git a/X2Go/Server/DB/SQLite3.pm b/X2Go/Server/DB/SQLite3.pm
index 9a0ce2a..2894bfa 100644
--- a/X2Go/Server/DB/SQLite3.pm
+++ b/X2Go/Server/DB/SQLite3.pm
@@ -42,6 +42,7 @@ use POSIX;
use Sys::Syslog qw( :standard :macros );
use X2Go::Log qw( loglevel );
+use X2Go::Utils qw( sanitizer );
openlog($0,'cons,pid','user');
setlogmask( LOG_UPTO(loglevel()) );
@@ -131,10 +132,27 @@ sub dbsys_listsessionsroot_all
return @sessions;
}
+sub dbsys_deletemounts
+{
+ my $dbh = init_db();
+ my $sid=shift or die "argument \"session_id\" missed";
+ check_user($sid);
+ my $sth=$dbh->prepare("delete from mounts where session_id=?");
+ $sth->execute($sid);
+ if ($sth->err())
+ {
+ syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()");
+ die();
+ }
+ $sth->finish();
+ $dbh->disconnect();
+}
+
sub db_getmounts
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my @strings;
my $sth=$dbh->prepare("select client, path from mounts where session_id=?");
@@ -154,6 +172,7 @@ sub db_deletemount
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
check_user($sid);
my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?");
@@ -167,26 +186,11 @@ sub db_deletemount
$dbh->disconnect();
}
-sub db_deletemounts
-{
- my $dbh = init_db();
- my $sid=shift or die "argument \"session_id\" missed";
- check_user($sid);
- my $sth=$dbh->prepare("delete from mounts where session_id=?");
- $sth->execute($sid);
- if ($sth->err())
- {
- syslog('error', "deletemounts (SQLite3 session db backend) failed with exitcode: $sth->err()");
- die();
- }
- $sth->finish();
- $dbh->disconnect();
-}
-
sub db_insertmount
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $path=shift or die "argument \"path\" missed";
my $client=shift or die "argument \"client\" missed";
check_user($sid);
@@ -208,8 +212,10 @@ sub db_insertsession
{
my $dbh = init_db();
my $display=shift or die "argument \"display\" missed";
+ $display = sanitizer('num', $display) or die "argument \"display\" malformed";
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values
(?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))");
@@ -223,8 +229,10 @@ sub db_insertshadowsession
{
my $dbh = init_db();
my $display=shift or die "argument \"display\" missed";
+ $display = sanitizer('num', $display) or die "argument \"display\" malformed";
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $shadreq_user = shift or die "argument \"shadreq_user\" missed";
my $fake_sid = $sid;
$fake_sid =~ s/$shadreq_user-/$realuser-/;
@@ -242,11 +250,16 @@ sub db_createsession
my $dbh = init_db();
my $cookie=shift or die"argument \"cookie\" missed";
my $pid=shift or die"argument \"pid\" missed";
+ $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed";
my $client=shift or die"argument \"client\" missed";
my $gr_port=shift or die"argument \"gr_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
my $snd_port=shift or die"argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die"argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?,
client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?");
@@ -266,11 +279,16 @@ sub db_createshadowsession
my $dbh = init_db();
my $cookie=shift or die"argument \"cookie\" missed";
my $pid=shift or die"argument \"pid\" missed";
+ $pid = sanitizer('num', $pid) or die "argument \"pid\" malformed";
my $client=shift or die"argument \"client\" missed";
my $gr_port=shift or die"argument \"gr_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
my $snd_port=shift or die"argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die"argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $shadreq_user = shift or die "argument \"shadreq_user\" missed";
my $fake_sid = $sid;
$fake_sid =~ s/^$shadreq_user-/$realuser-/;
@@ -293,6 +311,7 @@ sub db_insertport
my $dbh = init_db();
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)");
check_user($sid);
@@ -311,6 +330,7 @@ sub db_rmport
my $dbh = init_db();
my $server=shift or die "argument \"server\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $sshport=shift or die "argument \"port\" missed";
my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?");
check_user($sid);
@@ -328,13 +348,17 @@ sub db_resume
my $dbh = init_db();
my $client=shift or die "argument \"client\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $gr_port=shift or die "argument \"gr_port\" missed";
- my $sound_port=shift or die "argument \"sound_port\" missed";
+ $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed";
+ my $snd_port=shift or die "argument \"snd_port\" missed";
+ $snd_port = sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed";
my $fs_port=shift or die "argument \"fs_port\" missed";
+ $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),status='R',
client=?,gr_port=?,sound_port=?,fs_port=? where session_id = ? and uname=?");
- $sth->execute($client, $gr_port, $sound_port, $fs_port, $sid, $realuser);
+ $sth->execute($client, $gr_port, $snd_port, $fs_port, $sid, $realuser);
if ($sth->err())
{
syslog('error', "resume (SQLite3 session db backend) failed with exitcode: $sth->err()");
@@ -349,6 +373,7 @@ sub db_changestatus
my $dbh = init_db();
my $status=shift or die "argument \"status\" missed";
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'),
status=? where session_id = ? and uname=?");
@@ -366,6 +391,7 @@ sub db_getstatus
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
check_user($sid);
my $sth=$dbh->prepare("select status from sessions where session_id = ?");
$sth->execute($sid);
@@ -458,6 +484,7 @@ sub db_getagent
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $agent;
check_user($sid);
my $sth=$dbh->prepare("select agent_pid from sessions
@@ -483,6 +510,7 @@ sub db_getdisplay
{
my $dbh = init_db();
my $sid=shift or die "argument \"session_id\" missed";
+ $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed";
my $display;
check_user($sid);
my $sth=$dbh->prepare("select display from sessions
diff --git a/debian/changelog b/debian/changelog
index 5db2ff6..a7c7f1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -44,6 +44,8 @@ x2goserver (4.1.0.0-0x2go1) UNRELEASED; urgency=low
Move duplicate code into that new Perl package.
- Security audit of complete code tree, avoid one-argument system calls where
possible, avoid backticks, use more quotes in shell scripts.
+ - Sanitize session ID, port numbers, display number and PID number before
+ writing it to the session DB.
* debian/control:
+ Package X2Go::Log in separate package: libx2go-log-perl.
+ Package X2Go::Server::DB in separate package: libx2go-server-db-perl.
diff --git a/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl b/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl
index 3d16fd5..b89cde3 100755
--- a/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl
+++ b/libx2go-server-db-perl/lib/libx2go-server-db-sqlite3-wrapper.pl
@@ -56,7 +56,7 @@ switch ($cmd)
{
case /.*listsessions.*root/ { @result_list = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") }
case /.*(list.*sessions|getmounts).*/ { @result_list = eval("X2Go::Server::DB::SQLite3::db_$cmd(\@ARGV)") }
- case /.*root/ { $result = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") }
+ case /.*(root|deletemounts)/ { $result = eval("X2Go::Server::DB::SQLite3::dbsys_$cmd(\@ARGV)") }
else { $result = eval("X2Go::Server::DB::SQLite3::db_$cmd(\@ARGV)") }
}
hooks/post-receive
--
x2goserver.git (X2Go Server)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).
More information about the x2go-commits
mailing list