Security fix for CVE-2012-4547,

awstats: potentially susceptible to XSS attacks ok rpe@ (MAINTAINER)
2012-11-19 07:35:04 +00:00 · 2012-11-19 07:35:04 +00:00 · b27867067a
commit b27867067a
parent 36d215719d
2 changed files with 53 additions and 1 deletions
--- a/www/awstats/Makefile
+++ b/www/awstats/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2012/11/18 10:53:30 rpe Exp $
+# $OpenBSD: Makefile,v 1.2 2012/11/19 07:35:04 jasper Exp $

 COMMENT=		free real-time logfile analyzer

 DISTNAME=		awstats-7.0
+REVISION=		0

 CATEGORIES=		www

--- a/www/awstats/patches/patch-wwwroot_cgi-bin_awredir_pl
+++ b/www/awstats/patches/patch-wwwroot_cgi-bin_awredir_pl
@ -0,0 +1,51 @@
+$OpenBSD: patch-wwwroot_cgi-bin_awredir_pl,v 1.1 2012/11/19 07:35:04 jasper Exp $
+
+Security fix for CVE-2012-4547,
+awstats: potentially susceptible to XSS attacks
+
+Patch via https://bugzilla.redhat.com/show_bug.cgi?id=871159
+
+--- wwwroot/cgi-bin/awredir.pl.orig	Sat Jan  3 11:42:04 2009
+++ wwwroot/cgi-bin/awredir.pl	Sun Nov 18 20:32:40 2012
+@@ -73,7 +73,28 @@ sub DecodeEncodedString {
+ 	return $stringtodecode;
+ }
+ 
+#------------------------------------------------------------------------------
+# Function:     Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
+#               and clean | char.
+# Parameters:   stringtoclean
+# Input:        None
+# Output:       None
+# Return:		cleanedstring
+#------------------------------------------------------------------------------
+sub CleanXSS {
+	my $stringtoclean = shift;
+ 
+	# To avoid html tags and javascript
+	$stringtoclean =~ s/</&lt;/g;
+	$stringtoclean =~ s/>/&gt;/g;
+	$stringtoclean =~ s/|//g;
+
+	# To avoid onload="
+	$stringtoclean =~ s/onload//g;
+	return $stringtoclean;
+}
+
+
+ #-------------------------------------------------------
+ # MAIN
+ #-------------------------------------------------------
+@@ -123,6 +144,12 @@ if ($Url =~ /url=\"([^\"]+)\"/) { $Url=$1; }
+ elsif ($Url =~ /url=(.+)$/) { $Url=$1; }
+ $Url = DecodeEncodedString($Url);
+ $UrlParam=$Url;
+
+# Sanitize parameters
+$Tag=CleanXSS($Tag);
+$Key=CleanXSS($Key);
+$UrlParam=CleanXSS($UrlParam);
+
+ 
+ if (! $UrlParam) {
+         error("Error: Bad use of $PROG. To redirect an URL with $PROG, use the following syntax:<br><i>/cgi-bin/$PROG.pl?url=http://urltogo</i>");