Article delegate-en/1801 of [1-5169] on the server localhost:119
[Reference:<_A1787@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] fixes for cross-site scripting
01 Aug 2002 16:30:03 GMT feedback@delegate.org (Yutaka Sato)


The enclosed patch fixes several cross-site scripting vulnerabilities
in DeleGate.  It is a patch for DeleGate/7.9.10, but it can be applied
to earlier versions by hand.

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


diff -cr ../delegate7.9.10/src/http.c ./src/http.c
*** ../delegate7.9.10/src/http.c	Wed Jul 17 06:26:29 2002
--- ./src/http.c	Thu Aug  1 23:48:25 2002
***************
*** 2028,2033 ****
--- 2028,2034 ----
  	fprintf(tc,"Content-Type: text/plain\r\n");
  	fprintf(tc,"Connection: close\r\n");
  	fprintf(tc,"\r\n");
+ 	fprintf(tc,"<plaintext>\r\n");
  	if( reason )
  		fprintf(tc,"Bad Request: %s\r\n",reason);
  	else	fprintf(tc,"Bad Request\r\n");
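Review bot: The added `<plaintext>` line (here and in the identical addition in the next http.c hunk) leans on the client's HTML parser instead of encoding the echoed data, so `reason`, `BadServResponse` and `OREQ_MSG` still reach the body unmodified. A client that honours `Content-Type: text/plain` will display the tag as literal text, and the protection depends on how each content-sniffing browser treats this deprecated element. I would HTML-encode the reflected strings before the `fprintf` calls, and for current clients also send `X-Content-Type-Options: nosniff` next to the existing header lines. If the tag stays, document it with a comment such as `/* <plaintext>: keeps content-sniffing browsers from parsing the echoed request as HTML */`. Both enclosing functions start and end outside the hunks.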
***************
*** 2046,2051 ****
--- 2047,2053 ----
  	fprintf(tc,"Content-Type: text/plain\r\n");
  	fprintf(tc,"Connection: close\r\n");
  	fprintf(tc,"\r\n");
+ 	fprintf(tc,"<plaintext>\r\n");
  
  	fprintf(tc,"Bad Response:\r\n%s\r\n\r\n",BadServResponse);
  	fprintf(tc,"Original Request:\r\n%s\r\n\r\n",OREQ_MSG);
diff -cr ../delegate7.9.10/src/gacl.c ./src/gacl.c
*** ../delegate7.9.10/src/gacl.c	Tue Dec 21 19:23:38 1999
--- ./src/gacl.c	Thu Aug  1 23:58:50 2002
***************
*** 291,296 ****
--- 291,302 ----
  	FILE *admfp;
  	char line[1024];
  
+ 	nonxalpha_unescape(search,search,0);
+ 	if( np = strpbrk(search,"\"'<>") ){
+ 		sv1log("WARNING: ignore delimiters in query [%s]\n",search);
+ 		*np = 0;
+ 	}
+ 
  	sub[0] = 0;
  	sscanf(search,"Admin=%[^&]",sub);
  
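Review bot: The `sv1log` call in the added block writes `search` to the log before `*np = 0` truncates it, so the quote and angle-bracket characters being stripped from the query still reach the log verbatim, which matters if the log is ever shown through an HTML page. Truncate first, as in `*np = 0; sv1log("WARNING: ignore delimiters in query [%s]\n",search);`, or encode the raw value for the log if it is wanted for detection. Decoding in place before `sscanf(search,"Admin=%[^&]",sub)` may also let an escaped `&` end the `Admin` value early, depending on what `nonxalpha_unescape` decodes, which is not visible here. The declaration of `np`, the size of `sub` and the start of the function are outside the hunk; a field width in the `%[^&]` conversion is worth confirming against `sub`'s size.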
diff -cr ../delegate7.9.10/src/httphead.c ./src/httphead.c
*** ../delegate7.9.10/src/httphead.c	Mon Jun 24 04:49:21 2002
--- ./src/httphead.c	Fri Aug  2 00:45:46 2002
***************
*** 1160,1165 ****
--- 1160,1174 ----
  	}
  	wordscanX(cp,xaval,avsiz);
  	str_from64(xaval,strlen(xaval),aval,avsiz);
+ 	if( strcasecmp(atype,"basic") == 0 ){
+ 		char *dp = wordscanY(aval,xaval,sizeof(xaval),"^:");
+ 		if( cp = strpbrk(xaval,"\"'<>") ){
+ 			sv1log("WARNING: erase delimiter in Authorization[%s]\n",
+ 				xaval);
+ 			*cp = 0;
+ 			Strrplc(aval,dp-aval,xaval);
+ 		}
+ 	}
  	return 2;
  }
  HTTP_getAuthorization(Conn,proxy,ident,decomp)
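Review bot: `sizeof(xaval)` in the added `wordscanY` call does not match the `avsiz` bound that `wordscanX(cp,xaval,avsiz)` uses for the same buffer two lines above; if `xaval` is a pointer parameter rather than a local array (its declaration is outside the hunk), `sizeof` yields the pointer size and the user name is cut to a few bytes before the check runs. Assuming `avsiz` is the intended bound, use `char *dp = wordscanY(aval,xaval,avsiz,"^:");`. Only the part before `:` is scanned for the delimiter set, so the password half of `aval` is returned unfiltered, and the `sv1log` line records the user name with the delimiters still in it. A one-line comment saying the filter is there because the decoded user name is presumably echoed into generated pages would help the next reader.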
