| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jun 2005 09:02:09 -0500
From: Jonathan Angliss <jon@...dork.net>
To: Oliver Monneke <oliver@...ersquad.de>
Cc: y0int@...oo.it, bugtraq@...urityfocus.com
Subject: Re: Arbitrary code execution in eping plugin
Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:
> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip adress for eping, here
> is the code:
> --------------8<-----------------------------------------8<-------------------------------------
> function eping_validaddr($eping_hosttocheck)
> {
[..]
> }
> --------------8<-----------------------------------------8<-------------------------------------
> I am sorry but I am a coder and my eyes are bleeding when looking at
> stuff like that so here is my suggestion for replaceing the if-statement:
> if(preg_match("/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/",
> $eping_hosttocheck))
A better solution would be to limit the scope of the regex and use ^
and $ on the regex the original code has in place. I'd personally use:
If (preg_match("/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/", $eping_hosttocheck))
Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.
--
Jonathan Angliss
<jon@...dork.net>
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists