authorivan <ivan>2011-04-18 23:15:19 +0000
committerivan <ivan>2011-04-18 23:15:19 +0000
commitb5c4237a34aef94976bc343c8d9e138664fc3984 (patch)
treeba7cb2c13c199b1012c661fcf4f248e7b7e3d36f /rt/bin
parent96a0d937cdfe26d691e59139088e33e0bc3e1184 (diff)
parent75162bb14b3e38d66617077843f4dfdcaf09d5c4 (diff)
This commit was generated by cvs2svn to compensate for changes in r11022,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'rt/bin')
-rw-r--r--rt/bin/fastcgi_server.in12
-rw-r--r--rt/bin/mason_handler.fcgi.in11
-rw-r--r--rt/bin/mason_handler.scgi.in12
-rw-r--r--rt/bin/mason_handler.svc.in11
-rw-r--r--rt/bin/rt.in10
-rw-r--r--rt/bin/webmux.pl.in17
6 files changed, 67 insertions, 6 deletions
diff --git a/rt/bin/fastcgi_server.in b/rt/bin/fastcgi_server.in
index 2aa953168..d6df63c7d 100644
--- a/rt/bin/fastcgi_server.in
+++ b/rt/bin/fastcgi_server.in
@@ -230,6 +230,18 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+ $proc_manager->pm_post_dispatch;
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
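Review bot: The rejection on L34 writes a raw `HTTP/1.0 400` status line to the FastCGI stream, but a FastCGI responder normally emits CGI-style headers, and whether a gateway honours a bare status line rather than reporting a malformed header varies from server to server. The portable form is `print STDOUT "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n";`, which every gateway maps to a 400. I would also confirm that `$cgi->path_info` is already percent-decoded by the web server in each supported deployment, because the regex on L32 only catches a literal `/.`; the mod_perl variant of this check decodes the raw request target itself, this one relies on the server having done so. The surrounding `while` loop starts outside the hunk.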
diff --git a/rt/bin/mason_handler.fcgi.in b/rt/bin/mason_handler.fcgi.in
index b980bc188..4682abf16 100644
--- a/rt/bin/mason_handler.fcgi.in
+++ b/rt/bin/mason_handler.fcgi.in
@@ -68,6 +68,17 @@ while ( my $cgi = CGI::Fast->new ) {
Module::Refresh->refresh if RT->Config->Get('DevelMode');
RT::ConnectToDatabase();
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
my $interp = $RT::Mason::Handler->interp;
if (
!$interp->comp_exists( $cgi->path_info )
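Review bot: The same regex, log call and status line now appear in four front-ends (this hunk mirrors fastcgi_server.in and the scgi/svc handlers) with no shared helper, so the next adjustment to the rule has to be repeated four times and can drift — the mod_perl variant already obtains the path differently. A method on RT::Interface::Web::Handler that takes the path and returns true when it must be rejected, with each loop reduced to `if ( RT::Interface::Web::Handler->PathIsForbidden( $cgi->path_info ) ) { ... }`, keeps the policy in one place. The log line on L55 also writes attacker-supplied PATH_INFO into the log at `crit`; since any unauthenticated client can trigger it, `warning` with control characters stripped is probably the level you want. The enclosing `while` loop starts outside the hunk.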
diff --git a/rt/bin/mason_handler.scgi.in b/rt/bin/mason_handler.scgi.in
index 5b6a7e272..fa771b783 100644
--- a/rt/bin/mason_handler.scgi.in
+++ b/rt/bin/mason_handler.scgi.in
@@ -57,6 +57,18 @@ require (dirname(__FILE__) . '/webmux.pl');
require CGI;
my $cgi = CGI->new;
+
+# Each environment has its own way of handling .. and so on in paths,
+# so RT consistently forbids such paths.
+if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ return 0;
+}
+
if ( ( !$Handler->interp->comp_exists( $cgi->path_info ) )
&& ( $Handler->interp->comp_exists( $cgi->path_info . "/index.html" ) ) ) {
$cgi->path_info( $cgi->path_info . "/index.html" );
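Review bot: The `return 0;` on L82 sits at file scope, and Perl dies with `Can't return outside a subroutine` when a script containing it is executed directly rather than loaded with `do`/`require` or compiled into a sub by a persistent runtime. Whether the speedycgi loader wraps this file that way I can't tell from the hunk, so it is worth confirming that the forbidden-path branch actually ends the request instead of turning into a 500 with a stack trace in the error log. If it does not, `exit 0;` after the same `CleanupRequest` call is the safer way out for a one-request-per-run script. As in the other handlers, the raw `HTTP/1.0 400` line on L78 is less portable than `Status: 400 Bad Request\r\n\r\n`, which is the CGI header form every server understands.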
diff --git a/rt/bin/mason_handler.svc.in b/rt/bin/mason_handler.svc.in
index 2cbf4357a..119b110db 100644
--- a/rt/bin/mason_handler.svc.in
+++ b/rt/bin/mason_handler.svc.in
@@ -234,6 +234,17 @@ $Handler ||= RT::Interface::Web::Handler->new(
while( my $cgi = CGI::Fast->new ) {
my $comp = $ENV{'PATH_INFO'};
+ # Each environment has its own way of handling .. and so on in paths,
+ # so RT consistently forbids such paths.
+ if ( $cgi->path_info =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$cgi->path_info." aborting");
+ print STDOUT "HTTP/1.0 400\r\n\r\n";
+
+ RT::Interface::Web::Handler->CleanupRequest();
+
+ next;
+ }
+
$comp = $1 if ($comp =~ /^(.*)$/);
my $web_path = RT->Config->Get('WebPath');
$comp =~ s|^\Q$web_path\E\b||i;
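Review bot: The new check on L97 validates `$cgi->path_info`, but the component that is actually dispatched is `$comp`, taken from `$ENV{'PATH_INFO'}` on L94 and then untainted by the catch-all `/^(.*)$/` on L106 — the two values are usually identical, but CGI.pm rewrites PATH_INFO on some servers (it strips SCRIPT_NAME under IIS, which the `.svc` name suggests is the platform this handler targets), so the string that is checked need not be the string that is used. Running the test on the value you dispatch, `if ( $comp =~ m{/\.} )`, closes that gap. The blanket untaint on L106 should also not be mistaken for validation, since it accepts every string; this new check is the only real filter on the component path here. The loop opened on L93 continues past the hunk.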
diff --git a/rt/bin/rt.in b/rt/bin/rt.in
index 308950c14..aefe7af72 100644
--- a/rt/bin/rt.in
+++ b/rt/bin/rt.in
@@ -1166,7 +1166,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, $file) && do {
+ open(F, '<', $file) && do {
$self->{file} = $file;
my $sids = $self->{sids} = {};
while (<F>) {
@@ -1187,7 +1187,7 @@ sub submit {
$file ||= $self->{file};
local *F;
- open(F, ">$file") && do {
+ open(F, '>', $file) && do {
my $sids = $self->{sids};
foreach my $server (keys %$sids) {
foreach my $user (keys %{ $sids->{$server} }) {
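Review bot: The three-arg `open` on L125 removes the mode-injection risk, but the file is still created with the process umask, and what gets written is the `$sids` hash (L126-L128), whose name suggests it holds RT session ids — a bearer credential that should not be readable by other local users. Creating it with an explicit mode, e.g. `sysopen(F, $file, O_WRONLY|O_CREAT|O_TRUNC, 0600) && do {` (with `use Fcntl;`), or bracketing the open with `umask 077`, keeps the session file private regardless of the caller's umask. Where `$file` comes from is outside the hunk, so I can't tell whether the containing directory already protects it. The enclosing sub starts before this hunk.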
@@ -1429,7 +1429,7 @@ sub parse_config_file {
my ($file) = @_;
local $_; # $_ may be aliased to a constant, from line 1163
- open(CFG, $file) && do {
+ open(CFG, '<', $file) && do {
while (<CFG>) {
chomp;
next if (/^#/ || /^\s*$/);
@@ -1479,9 +1479,9 @@ sub vi {
local *F;
local $/ = undef;
- open(F, ">$file") || die "$file: $!\n"; print F $text; close(F);
+ open(F, '>', $file) or die "$file: $!\n"; print F $text; close(F);
system($editor, $file) && die "Couldn't run $editor.\n";
- open(F, $file) || die "$file: $!\n"; $text = <F>; close(F);
+ open(F, '<', $file) or die "$file: $!\n"; $text = <F>; close(F);
unlink($file);
return $text;
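Review bot: `open(F, '>', $file)` on L141 writes the ticket text to `$file` and `unlink`s it on L145, but `$file` is chosen before the hunk begins (the hunk header places this in `sub vi`), so I can't see whether it is a predictable name in a shared directory; if it is, a `>` open follows a pre-planted symlink and the umask-default mode lets other local users read the text while the editor runs. `File::Temp` (`my ($fh, $file) = tempfile(UNLINK => 1);`) gives an O_EXCL, mode-0600 file and removes the manual `unlink`. Separately, `system($editor, $file) && die` on L142 already uses list form, so an `$editor` value such as `"vim -u NONE"` fails to exec rather than being shell-split; that is the safe failure mode, but a one-line comment saying so next to the call would stop someone "fixing" it back to a string.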
diff --git a/rt/bin/webmux.pl.in b/rt/bin/webmux.pl.in
index 8086177af..7aae041b3 100644
--- a/rt/bin/webmux.pl.in
+++ b/rt/bin/webmux.pl.in
@@ -73,7 +73,8 @@ sub handler {
# and make all system() and open "|-" dangerouse, for example DBI
# can get this FD for DB connection and system() call will close
# by putting grabage into the socket
- open $protect_fd, '>/dev/null' or die "Couldn't open /dev/null: $!";
+ open( $protect_fd, '>', '/dev/null' )
+ or die "Couldn't open /dev/null: $!";
unless ( fileno($protect_fd) == 1 ) {
warn "We opened /dev/null to protect FD #1, but descriptor #1 is already occupied";
}
@@ -93,6 +94,20 @@ sub handler {
RT::ConnectToDatabase();
+ # none of the methods in $r gives us the information we want (most
+ # canonicalize /foo/../bar to /bar which is exactly what we want to avoid)
+ my (undef, $requested) = split ' ', $r->the_request, 3;
+ my $uri = URI->new("http://".$r->hostname.$requested);
+ my $path = URI::Escape::uri_unescape($uri->path);
+
+ ## Each environment has its own way of handling .. and so on in paths,
+ ## so RT consistently forbids such paths.
+ if ( $path =~ m{/\.} ) {
+ $RT::Logger->crit("Invalid request for ".$path." aborting");
+ RT::Interface::Web::Handler->CleanupRequest();
+ return 400;
+ }
+
my (%session, $status);
{
local $@;
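Review bot: L166-L167 call `URI->new` and `URI::Escape::uri_unescape` with no `use URI;` / `use URI::Escape;` visible in the hunk, so unless webmux.pl or a module it loads earlier (outside this view) already pulls both in, the first request would die with an undefined-subroutine error instead of being checked. An explicit `use URI; use URI::Escape;` at the top of the file makes the dependency visible and removes the reliance on transitive loading. The `split` on L165 also leaves `$requested` undefined for a request line with fewer than two fields, which then warns on concatenation and yields an empty path that passes the check; `$requested = '' unless defined $requested;` before building the URI keeps the warning out of the error log, though Apache will normally have rejected such a request already. The `handler` sub and the block opened on L178 continue past the hunk.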