From 1ee8c6bef293ea00fd0643843d87cc6784b20527 Mon Sep 17 00:00:00 2001 From: Claudio Jeker Date: Wed, 10 Oct 2007 13:23:41 +0000 Subject: Limit the allowed characters in a request to [a-zA-Z0-9-_.:/= ] everything else will cause an "invalid character in input" error. Fixes xss issue noticed by Anton Karpov. OK henning@, sthen@ --- usr.bin/bgplg/bgplg.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/bgplg/bgplg.c b/usr.bin/bgplg/bgplg.c index b034cdfdbd4..db8cae0ca4d 100644 --- a/usr.bin/bgplg/bgplg.c +++ b/usr.bin/bgplg/bgplg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bgplg.c,v 1.6 2007/09/13 23:32:39 cloder Exp $ */ +/* $OpenBSD: bgplg.c,v 1.7 2007/10/10 13:23:40 claudio Exp $ */ /* * Copyright (c) 2005, 2006 Reyk Floeter @@ -109,16 +109,15 @@ lg_getenv(const char *name, int *lenp) *lenp = len; #define allowed_in_string(_x) \ - ((isalnum(_x) || isprint(_x)) && \ - (_x != '%' && _x != '\\' && _x != ';' && _x != '|')) + (isalnum(_x) || strchr("-_.:/= ", _x)) for (i = 0; i < len; i++) { + if (ptr[i] == '&') + ptr[i] = '\0'; if (!allowed_in_string(ptr[i])) { printf("invalid character in input\n"); return (NULL); } - if (ptr[i] == '&') - ptr[i] = '\0'; } return (ptr); -- cgit v1.2.3