diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2007-10-10 13:23:41 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2007-10-10 13:23:41 +0000 |
| commit | 1ee8c6bef293ea00fd0643843d87cc6784b20527 (patch) | |
| tree | 07e937cb19fc401d6fbc3a07fbc36629bc0bac3a /usr.bin | |
| parent | ef03f509d16a27dba23c36dfe4e9b8823d53ad7e (diff) | |
Limit the allowed characters in a request to [a-zA-Z0-9-_.:/= ] everything
else will cause an "invalid character in input" error.
Fixes xss issue noticed by Anton Karpov.
OK henning@, sthen@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/bgplg/bgplg.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/usr.bin/bgplg/bgplg.c b/usr.bin/bgplg/bgplg.c index b034cdfdbd4..db8cae0ca4d 100644 --- a/usr.bin/bgplg/bgplg.c +++ b/usr.bin/bgplg/bgplg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bgplg.c,v 1.6 2007/09/13 23:32:39 cloder Exp $ */ +/* $OpenBSD: bgplg.c,v 1.7 2007/10/10 13:23:40 claudio Exp $ */ /* * Copyright (c) 2005, 2006 Reyk Floeter <reyk@vantronix.net> @@ -109,16 +109,15 @@ lg_getenv(const char *name, int *lenp) *lenp = len; #define allowed_in_string(_x) \ - ((isalnum(_x) || isprint(_x)) && \ - (_x != '%' && _x != '\\' && _x != ';' && _x != '|')) + (isalnum(_x) || strchr("-_.:/= ", _x)) for (i = 0; i < len; i++) { + if (ptr[i] == '&') + ptr[i] = '\0'; if (!allowed_in_string(ptr[i])) { printf("invalid character in input\n"); return (NULL); } - if (ptr[i] == '&') - ptr[i] = '\0'; } return (ptr); |