Univention Bugzilla – Attachment 9117 Details for
Bug 41005
zoneName=../../../../../etc/shadow,cn=dns,dc=foo
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
sanitizing.patch
sanitizing.patch (text/plain), 4.50 KB, created by
Janek Walkenhorst
on 2017-08-14 18:11:14 CEST
(
hide
)
Description:
sanitizing.patch
Filename:
MIME Type:
Creator:
Janek Walkenhorst
Created:
2017-08-14 18:11:14 CEST
Size:
4.50 KB
patch
obsolete
>commit 324d10944c55d94dcfba78cd1831e14bc4fff543 >Author: Janek Walkenhorst <walkenhorst@univention.de> >Date: Mon Aug 14 16:44:31 2017 +0200 > > sanitizing > >diff --git a/services/univention-bind/bind.py b/services/univention-bind/bind.py >index 8b86a0b..6e8bbe9 100755 >--- a/services/univention-bind/bind.py >+++ b/services/univention-bind/bind.py >@@ -45,6 +45,7 @@ import time > import errno > import signal > import grp >+import urllib > > name = 'bind' > description = 'Update BIND zones' >@@ -98,9 +99,11 @@ def handler(dn, new, old): > _remove_zone(old['zoneName'][0]) > if new.get('zoneName'): > # Change >- # Create an empty file to trigger the postrun() >- zonefile = os.path.join(PROXY_CACHE_DIR, "%s.zone" % (new['zoneName'][0],)) >+ # Create a file to trigger the postrun() >+ zone = new['zoneName'][0] >+ zonefile = sanitized_path_join(PROXY_CACHE_DIR, "%s.zone" % (zone, )) > proxy_cache = open(zonefile, 'w') >+ proxy_cache.write(zone) > proxy_cache.close() > os.chmod(zonefile, 0o640) > chgrp_bind(zonefile) >@@ -125,7 +128,7 @@ def _new_zone(ucr, zonename, dn): > os.mkdir(NAMED_CONF_DIR) > os.chmod(NAMED_CONF_DIR, 0o755) > >- zonefile = os.path.join(NAMED_CONF_DIR, zonename) >+ zonefile = sanitized_path_join(NAMED_CONF_DIR, zonename) > > # Create empty file and restrict permission > named_zone = open(zonefile, 'w') >@@ -149,11 +152,11 @@ def _new_zone(ucr, zonename, dn): > named_zone.close() > > # Create proxy configuration file >- proxy_file = os.path.join(NAMED_CONF_DIR, zonename + '.proxy') >+ proxy_file = sanitized_path_join(NAMED_CONF_DIR, zonename + '.proxy') > proxy_zone = open(proxy_file, 'w') > proxy_zone.write('zone "%s" {\n' % (zonename,)) > proxy_zone.write('\ttype slave;\n') >- proxy_zone.write('\tfile "%s.zone";\n' % (zonename,)) >+ proxy_zone.write('\tfile "%s.zone";\n' % (sanitize_filename(zonename),)) > proxy_zone.write('\tmasters port 7777 { 127.0.0.1; };\n') > proxy_zone.write('};\n') > proxy_zone.close() >@@ -167,8 +170,8 @@ def _new_zone(ucr, zonename, dn): > def _remove_zone(zonename): > """Handle removal of zone.""" > ud.debug(ud.LISTENER, ud.INFO, 'DNS: Removing zone %s' % (zonename,)) >- zonefile = os.path.join(NAMED_CONF_DIR, zonename) >- cached_zonefile = os.path.join(NAMED_CACHE_DIR, zonename + '.zone') >+ zonefile = sanitized_path_join(NAMED_CONF_DIR, zonename) >+ cached_zonefile = sanitized_path_join(NAMED_CACHE_DIR, zonename + '.zone') > # Remove zone file > if os.path.exists(zonefile): > os.unlink(zonefile) >@@ -318,13 +321,18 @@ def postrun(): > __zone_created_or_removed = False > elif dns_backend == 'ldap': > for filename in os.listdir(PROXY_CACHE_DIR): >- os.remove(os.path.join(PROXY_CACHE_DIR, filename)) >+ filepath = os.path.join(PROXY_CACHE_DIR, filename) >+ zone = open(filepath, 'rb').read() >+ os.remove(filepath) > if not os.path.exists(os.path.join(NAMED_CACHE_DIR, filename)): > ud.debug(ud.LISTENER, ud.PROCESS, 'DNS: %s does not exist. Triggering a bind9 restart.' % (os.path.join(NAMED_CACHE_DIR, filename))) > restart = True > else: >- zone = filename.replace(".zone", "") >- zones.append(zone) >+ _, ext = os.path.splitext(filename) >+ if ext == '.zone': >+ zones.append(zone) >+ else: >+ ud.debug(ud.LISTENER, ud.WARN, 'DNS: strange file in PROXY_CACHE_DIR: %r' % (filename, )) > if zones: > ud.debug(ud.LISTENER, ud.INFO, 'DNS: Zones: %s' % (zones,)) > elif dns_backend == 'none': >@@ -341,3 +349,16 @@ def postrun(): > _kill_children(pids) > finally: > listener.unsetuid() >+ >+def sanitize_filename(bytestring): >+ escaped = urllib.quote(bytestring, safe='') >+ if escaped.startswith('.'): # always encode leading dot because '.' and '..' are special names >+ escaped = '%20' + escaped[1:] >+ return escaped >+ >+def sanitized_path_join(directory, unsafe_filename): >+ filename = sanitize_filename(unsafe_filename) >+ assert '/' not in filename >+ assert '\0' not in filename >+ assert filename not in ('.', '..', ) >+ return os.path.join(directory, filename) >diff --git a/services/univention-bind/debian/univention-bind.postinst b/services/univention-bind/debian/univention-bind.postinst >index 93e1583..87fe36c 100644 >--- a/services/univention-bind/debian/univention-bind.postinst >+++ b/services/univention-bind/debian/univention-bind.postinst >@@ -82,6 +82,10 @@ if [ "$1" = "configure" ]; then > systemctl --system daemon-reload > } > if [ -n "$2" ]; then >+ if dpkg --compare-versions "$2" lt 10.0.2-6 # update to sanitized filenames >+ then >+ univention-directory-listener-ctrl resync bind >+ fi > invoke-rc.d bind9 crestart > else > invoke-rc.d bind9 start
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9117">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 41005
:
7788
| 9117 |
9118
|
9996