[security] fixing DO_ACTIONS.PHP for REALPATH.
This commit is contained in:
Benjamin Sonntag
parent
13ee5ce1dc
commit
10e006bdbe
|
|
@ -119,6 +119,24 @@ function execute_cmd($command, $parameters=array()) {
|
|||
return array('executed' => $cmd_line, 'output'=>$output, 'return_var'=>$code);
|
||||
}
|
||||
|
||||
/** Check if a file or folder is in the list of allowed
|
||||
* path (after dereferencing all ../ and symlinks
|
||||
* @param $path string the path to check against
|
||||
* @return string the dereferenced path, or FALSE if the path is NOT allowed (/var/www/alternc /var/mail/alternc)
|
||||
*/
|
||||
function my_realpath($path) {
|
||||
global $L_ALTERNC_HTML, $L_ALTERNC_MAIL;
|
||||
// add here any allowed path:
|
||||
$allowed=array(realpath($L_ALTERNC_HTML)."/", realpath($L_ALTERNC_MAIL)."/");
|
||||
$path=realpath($path);
|
||||
foreach($allowed as $one) {
|
||||
// the path must be BELOW each allowed folder. forbid anything
|
||||
if (strlen($path)>strlen($one) && substr($path,0,strlen($one))==$one) {
|
||||
return $path;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if script isn't already running
|
||||
if (file_exists(ALTERNC_DO_ACTION_LOCK) !== false){
|
||||
|
|
@ -197,7 +215,11 @@ while ($rr=$action->get_action()){
|
|||
$returned = execute_cmd("$FIXPERM -u", $params["uid"]);
|
||||
break;
|
||||
case "CHMOD" :
|
||||
$filename=$params["filename"];
|
||||
$filename=my_realpath($params["filename"]);
|
||||
if ($filename===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$perms=$params["perms"];
|
||||
// Checks the file or directory exists
|
||||
if( !is_dir($filename) && ! is_file($filename)){
|
||||
|
|
@ -214,6 +236,13 @@ while ($rr=$action->get_action()){
|
|||
|
||||
break;
|
||||
case "CREATE_FILE" :
|
||||
$dirname=my_realpath(dirname($params["filename"]));
|
||||
$filename=basename($params["filename"]);
|
||||
if ($dirname===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$params["file"]=$dirname.DIRECTORY_SEPARATOR.$filename;
|
||||
if(!file_exists($params["file"])) {
|
||||
if ( file_put_contents($params["file"], $params["content"]) === false ) {
|
||||
$errorsList=array("Fail: can't write into file ".$params["file"]);
|
||||
|
|
@ -227,16 +256,41 @@ while ($rr=$action->get_action()){
|
|||
}
|
||||
break;
|
||||
case "CREATE_DIR" :
|
||||
$dirname=my_realpath(dirname($params["dir"]));
|
||||
$filename=basename($params["dir"]);
|
||||
if ($dirname===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$params["dir"]=$dirname.DIRECTORY_SEPARATOR.$filename;
|
||||
// Create the directory and make parent directories as needed
|
||||
$returned = execute_cmd("$SU mkdir", array('-p', $params["dir"]));
|
||||
break;
|
||||
case "DELETE" :
|
||||
$dirname=my_realpath($params["dir"]);
|
||||
if ($dirname===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
// Delete file/directory and its contents recursively
|
||||
$returned = execute_cmd("$SU rm", array('-rf', $params["dir"]));
|
||||
$returned = execute_cmd("$SU rm", array('-rf', $dirname));
|
||||
break;
|
||||
case "MOVE" :
|
||||
// If destination dir does not exists, create it
|
||||
if(!is_dir($params["dst"]))
|
||||
$dirname=my_realpath(dirname($params["dst"]));
|
||||
$filename=basename($params["dst"]);
|
||||
if ($dirname===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$params["dst"]=$dirname.DIRECTORY_SEPARATOR.$filename;
|
||||
$params["src"]=my_realpath($params["src"]);
|
||||
if ($params["src"]===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
|
||||
if (!is_dir($params["dst"]))
|
||||
if ( @mkdir($params["dst"], 0777, true)) {
|
||||
if ( @chown($params["dst"], $r["user"]) ) {
|
||||
$returned = execute_cmd("$SU mv -f", array($params["src"], $params["dst"]));
|
||||
|
|
@ -247,12 +301,22 @@ while ($rr=$action->get_action()){
|
|||
|
||||
break;
|
||||
case "FIX_DIR" :
|
||||
$params["dir"]=my_realpath($params["dir"]);
|
||||
if ($params["dir"]===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$returned = execute_cmd($FIXPERM, array('-d', $params["dir"]));
|
||||
if($returned['return_val'] != 0) {
|
||||
$errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']);
|
||||
}
|
||||
break;
|
||||
case "FIX_FILE" :
|
||||
$params["file"]=my_realpath($params["file"]);
|
||||
if ($params["file"]===false) {
|
||||
$errorsList=array("Fail: path not allowed");
|
||||
break;
|
||||
}
|
||||
$returned = execute_cmd($FIXPERM, array('-f', $params["file"]));
|
||||
if($returned['return_val'] != 0){
|
||||
$errorsList=array("Fixperms.sh failed, returned error code : ".$returned['return_val']);
|
||||
|
|
|
|||
Loading…
Reference in New Issue