freebsd-ports/security/squidclamav/files/patch-cve-2012-4667
2012-09-04 13:45:28 +00:00


Fixes CVE-2012-4667, XSS in clwarn.cgi
Integrated to 5.8 and 6.7.
Obtained-from: https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b.diff
diff --git a/cgi-bin/clwarn.cgi b/cgi-bin/clwarn.cgi
index 9333bef..a43eca7 100755
--- cgi-bin/clwarn.cgi
+++ cgi-bin/clwarn.cgi
@@ -7,11 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
-my $source = $cgi->param('source') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
-my $user = $cgi->param('user') || '';
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
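Review bot: `$cgi->param('url')` is evaluated in list context on the added lines because it is a function argument, so a repeated parameter hands extra values to `CGI::escapeHTML` as further arguments and an absent one hands it none. Forcing scalar context makes the call take exactly one value: `my $url = CGI::escapeHTML(scalar $cgi->param('url')) || '';`. The same applies to the `virus`, `source` and `user` lines here and to the matching hunks for clwarn.cgi.de_DE, .en_EN, .fr_FR, .pt_BR and .ru_RU. Separately, escapeHTML only neutralises HTML metacharacters; the output code is outside the hunk, but if `$url` is later written into an `href` or another URL-bearing attribute, its scheme should be checked at that point as well.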
diff --git a/cgi-bin/clwarn.cgi.de_DE b/cgi-bin/clwarn.cgi.de_DE
index 700c3df..3f21180 100755
--- cgi-bin/clwarn.cgi.de_DE
+++ cgi-bin/clwarn.cgi.de_DE
@@ -7,11 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
-my $source = $cgi->param('source') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
-my $user = $cgi->param('user') || '';
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "Virus Alarm";
my $subtitle = 'enthält folgenden Virus';
diff --git a/cgi-bin/clwarn.cgi.en_EN b/cgi-bin/clwarn.cgi.en_EN
index d246e54..6e70e46 100755
--- cgi-bin/clwarn.cgi.en_EN
+++ cgi-bin/clwarn.cgi.en_EN
@@ -7,11 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
-my $source = $cgi->param('source') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
-my $user = $cgi->param('user') || '';
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
my $subtitle = 'contains the virus';
diff --git a/cgi-bin/clwarn.cgi.fr_FR b/cgi-bin/clwarn.cgi.fr_FR
index c0b3896..323fa30 100755
--- cgi-bin/clwarn.cgi.fr_FR
+++ cgi-bin/clwarn.cgi.fr_FR
@@ -7,11 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
-my $source = $cgi->param('source') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
-my $user = $cgi->param('user') || '';
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection";
my $subtitle = 'contient le virus';
diff --git a/cgi-bin/clwarn.cgi.pt_BR b/cgi-bin/clwarn.cgi.pt_BR
index 6bf12a0..1a6492a 100755
--- cgi-bin/clwarn.cgi.pt_BR
+++ cgi-bin/clwarn.cgi.pt_BR
@@ -7,8 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
+$source =~ s/\/-//;
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "SquidClamAv $VERSION: Foi detectado um vírus!";
my $subtitle = 'está infectada pelo vírus';
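Review bot: This hunk declares `$source` and `$user`, which the old side of clwarn.cgi.pt_BR did not have, and it is the only hunk for this file in the patch, so nothing visible starts using them. If the script runs under `use strict` (not visible here), the page body cannot have referenced them before, which would leave both as unused variables. If the intent is to bring the pt_BR page in line with the other locales, the output template needs a matching change. Either way a one-line comment such as `# source/user parsed for parity with clwarn.cgi` would record why the declarations were added. The script continues outside the hunk.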
diff --git a/cgi-bin/clwarn.cgi.ru_RU b/cgi-bin/clwarn.cgi.ru_RU
index 21e4d94..1e82a0b 100755
--- cgi-bin/clwarn.cgi.ru_RU
+++ cgi-bin/clwarn.cgi.ru_RU
@@ -7,11 +7,11 @@ my $VERSION = '6.6';
my $cgi = new CGI;
-my $url = $cgi->param('url') || '';
-my $virus = $cgi->param('virus') || '';
-my $source = $cgi->param('source') || '';
+my $url = CGI::escapeHTML($cgi->param('url')) || '';
+my $virus = CGI::escapeHTML($cgi->param('virus')) || '';
+my $source = CGI::escapeHTML($cgi->param('source')) || '';
$source =~ s/\/-//;
-my $user = $cgi->param('user') || '';
+my $user = CGI::escapeHTML($cgi->param('user')) || '';
my $TITLE_VIRUS = "SquidClamAv $VERSION: Обнаружен вируÑ<C692>!";
my $subtitle = 'Ñ<>Ð¾Ð´ÐµÑ€Ð¶Ð¸Ñ Ð²Ð¸Ñ€ÑƒÑ<C692>';