rpms/awstats/FC-4 awstats-6.5-CVE-2006-1945.patch, 1.1, 1.2 awstats.spec, 1.12, 1.13

Aurelien Bompard (abompard) fedora-extras-commits at redhat.com
Tue May 9 09:04:14 UTC 2006


Author: abompard

Update of /cvs/extras/rpms/awstats/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29910/FC-4

Modified Files:
	awstats-6.5-CVE-2006-1945.patch awstats.spec 
Log Message:
really fix CVE-2006-1945

awstats-6.5-CVE-2006-1945.patch:

Index: awstats-6.5-CVE-2006-1945.patch
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-4/awstats-6.5-CVE-2006-1945.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- awstats-6.5-CVE-2006-1945.patch	7 May 2006 23:40:34 -0000	1.1
+++ awstats-6.5-CVE-2006-1945.patch	9 May 2006 09:04:14 -0000	1.2
@@ -1,16 +1,81 @@
-diff -u -r1.860 -r1.861
---- wwwroot/cgi-bin/awstats.pl	9 Jan 2006 18:51:06 -0000	1.860
-+++ wwwroot/cgi-bin/awstats.pl	22 Jan 2006 12:55:14 -0000	1.861
-@@ -5542,7 +5542,7 @@
+--- ./wwwroot/cgi-bin/awstats.pl.CVE-2006-1945	2005-11-24 21:11:19.000000000 +0100
++++ ./wwwroot/cgi-bin/awstats.pl	2006-05-09 10:46:34.000000000 +0200
+@@ -4430,6 +4394,7 @@
+ 
+ #------------------------------------------------------------------------------
+ # Function:     Clean a string of HTML tags to avoid 'Cross Site Scripting attacks'
++#               and clean | char.
+ # Parameters:   stringtoclean
+ # Input:        None
+ # Output:       None
+@@ -4439,6 +4404,7 @@
+ 	my $stringtoclean=shift;
+ 	$stringtoclean =~ s/</</g;
+ 	$stringtoclean =~ s/>/>/g;
++	$stringtoclean =~ s/|//g;
+ 	return $stringtoclean;
+ }
+ 
+@@ -5516,6 +5483,7 @@
+ 'hostfilter','hostfilterex','urlfilter','urlfilterex','refererpagesfilter','refererpagesfilterex',
+ 'pluginmode','filterrawlog');
+ 
++# Parse input parameters and sanitize them for security reasons
+ $QueryString='';
+ # AWStats use GATEWAY_INTERFACE to known if ran as CLI or CGI. AWSTATS_DEL_GATEWAY_INTERFACE can
+ # be set to force AWStats to be ran as CLI even from a web page.
+@@ -5534,7 +5502,7 @@
+ 	    $QueryString =~ s/&/&/g;
+ 	}
+ 
+-	$QueryString = CleanFromCSSA($QueryString);
++	$QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));
+ 
+     # Security test
+ 	if ($QueryString =~ /LogFile=([^&]+)/i)				{ error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }
+@@ -5542,26 +5510,26 @@
  	# No update but report by default when run from a browser
  	$UpdateStats=($QueryString=~/update=1/i?1:0);
  
 -	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&DecodeEncodedString("$1"); }
-+	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }
- 	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }
- 	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
- 	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
-@@ -5591,7 +5591,7 @@
+-	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }
+-	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }
+-	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }
++	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize("$1"); }
++	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }
++	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1",1); }
++	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }
+ 	# All filters
+-	if ($QueryString =~ /hostfilter=([^&]+)/i)			{ $FilterIn{'host'}=&DecodeEncodedString("$1"); }			# Filter on host list can also be defined with hostfilter=filter
+-	if ($QueryString =~ /hostfilterex=([^&]+)/i)		{ $FilterEx{'host'}=&DecodeEncodedString("$1"); }			#
+-	if ($QueryString =~ /urlfilter=([^&]+)/i)			{ $FilterIn{'url'}=&DecodeEncodedString("$1"); }			# Filter on URL list can also be defined with urlfilter=filter
+-	if ($QueryString =~ /urlfilterex=([^&]+)/i)			{ $FilterEx{'url'}=&DecodeEncodedString("$1"); }			#
+-	if ($QueryString =~ /refererpagesfilter=([^&]+)/i)	{ $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); }	# Filter on referer list can also be defined with refererpagesfilter=filter
+-	if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}=&DecodeEncodedString("$1"); }	#
++	if ($QueryString =~ /hostfilter=([^&]+)/i)			{ $FilterIn{'host'}="$1"; }			# Filter on host list can also be defined with hostfilter=filter
++	if ($QueryString =~ /hostfilterex=([^&]+)/i)		{ $FilterEx{'host'}="$1"; }			#
++	if ($QueryString =~ /urlfilter=([^&]+)/i)			{ $FilterIn{'url'}="$1"; }			# Filter on URL list can also be defined with urlfilter=filter
++	if ($QueryString =~ /urlfilterex=([^&]+)/i)			{ $FilterEx{'url'}="$1"; }			#
++	if ($QueryString =~ /refererpagesfilter=([^&]+)/i)	{ $FilterIn{'refererpages'}="$1"; }	# Filter on referer list can also be defined with refererpagesfilter=filter
++	if ($QueryString =~ /refererpagesfilterex=([^&]+)/i) { $FilterEx{'refererpages'}="$1"; }	#
+ 	# All output
+-	if ($QueryString =~ /output=allhosts:([^&]+)/i)		{ $FilterIn{'host'}=&DecodeEncodedString("$1"); }			# Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
+-	if ($QueryString =~ /output=lasthosts:([^&]+)/i)	{ $FilterIn{'host'}=&DecodeEncodedString("$1"); }			# Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
+-	if ($QueryString =~ /output=urldetail:([^&]+)/i)	{ $FilterIn{'url'}=&DecodeEncodedString("$1"); }			# Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
+-	if ($QueryString =~ /output=refererpages:([^&]+)/i)	{ $FilterIn{'refererpages'}=&DecodeEncodedString("$1"); }	# Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
++	if ($QueryString =~ /output=allhosts:([^&]+)/i)		{ $FilterIn{'host'}="$1"; }			# Filter on host list can be defined with output=allhosts:filter to reduce number of lines read and showed
++	if ($QueryString =~ /output=lasthosts:([^&]+)/i)	{ $FilterIn{'host'}="$1"; }			# Filter on host list can be defined with output=lasthosts:filter to reduce number of lines read and showed
++	if ($QueryString =~ /output=urldetail:([^&]+)/i)	{ $FilterIn{'url'}="$1"; }			# Filter on URL list can be defined with output=urldetail:filter to reduce number of lines read and showed
++	if ($QueryString =~ /output=refererpages:([^&]+)/i)	{ $FilterIn{'refererpages'}="$1"; }	# Filter on referer list can be defined with output=refererpages:filter to reduce number of lines read and showed
+ 
+ 	# If migrate
+ 	if ($QueryString =~ /(^|-|&|&)migrate=([^&]+)/i)	{
+-		$MigrateStats=&DecodeEncodedString("$2"); 
++		$MigrateStats=&Sanitize("$2");
+ 		$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
+ 		$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//;		# SiteConfig is used to find config file
+ 	}
+@@ -5591,7 +5559,7 @@
  	# Update with no report by default when run from command line
  	$UpdateStats=1;
  
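Review bot: The added `$stringtoclean =~ s/|//g;` in CleanFromCSSA does not strip pipe characters, although the new header comment says it does: an unescaped `|` is alternation between two empty patterns, so the substitution only ever matches the empty string and leaves every `|` in place. It should be `$stringtoclean =~ s/\|//g;` (or `$stringtoclean =~ tr/|//d;`). The gap matters more with this revision, because `$DirIcons` and the `%FilterIn`/`%FilterEx` values are now taken straight from `"$1"` with no `Sanitize` call, which leaves CleanFromCSSA on the decoded query string as the only filter they pass through. The `<`/`>` substitutions next to it read as no-ops here, most likely because this archive rendering decoded their entities, so they are worth confirming against the real patch file; the `sub` line of CleanFromCSSA is outside the quoted context.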
@@ -19,3 +84,12 @@
  	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }
  	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1",1); }
  	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }
+@@ -5625,8 +5593,6 @@
+ if ($QueryString =~ /(^|&|&)databasebreak=(\w+)/i)	{ $DatabaseBreak=$2; }
+ if ($QueryString =~ /(^|&|&)updatefor=(\d+)/i)		{ $UpdateFor=$2; }
+ if ($QueryString =~ /(^|&|&)noloadplugin=([^&]+)/i)	{ foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=1; } }
+-#Removed for security reasons
+-#if ($QueryString =~ /(^|&|&)loadplugin=([^&]+)/i)		{ foreach (split(/,/,$2)) { $NoLoadPlugin{&Sanitize("$_",1)}=-1; } }
+ if ($QueryString =~ /(^|&|&)limitflush=(\d+)/i)		{ $LIMITFLUSH=$2; }
+ # Get/Define output
+ if ($QueryString =~ /(^|&|&)output(=[^&]*|)(.*)(&|&)output(=[^&]*|)(&|$)/i) { error("Only 1 output option is allowed","","",1); }
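Review bot: The last inner hunk (`@@ -5625,8 +5593,6 @@`) deletes the `#Removed for security reasons` marker together with the commented-out `loadplugin` parser, so the patched awstats.pl no longer records why that parameter is not read from the query string. If the dead line has to go, keep a one-line comment in its place, for example `# loadplugin is deliberately not accepted from the query string (security)`. This cleanup is also not obviously part of the CVE-2006-1945 fix, and carrying it in the security patch makes the fix harder to audit.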


Index: awstats.spec
===================================================================
RCS file: /cvs/extras/rpms/awstats/FC-4/awstats.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- awstats.spec	7 May 2006 23:49:26 -0000	1.12
+++ awstats.spec	9 May 2006 09:04:14 -0000	1.13
@@ -1,6 +1,6 @@
 Name:       awstats
 Version:    6.5
-Release:    2%{?dist}
+Release:    3%{?dist}
 Summary:    Advanced Web Statistics
 License:    GPL
 Group:      Applications/Internet
@@ -154,6 +154,9 @@
 %{_datadir}/%{name}/wwwroot/js
 
 %changelog
+* Tue May 09 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-3
+- really fix CVE-2006-1945...
+
 * Mon May 08 2006 Aurelien Bompard <gauret[AT]free.fr> 6.5-2
 - add patch to fix CVE-2006-1945 (bugs 190921, 190922 and 190923)
 



