lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1346951001.20050614090209@netdork.net>
Date: Tue, 14 Jun 2005 09:02:09 -0500
From: Jonathan Angliss <jon@...dork.net>
To: Oliver Monneke <oliver@...ersquad.de>
Cc: y0int@...oo.it, bugtraq@...urityfocus.com
Subject: Re: Arbitrary code execution in eping plugin

Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:

> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip adress for eping, here
> is the code:

> --------------8<-----------------------------------------8<-------------------------------------
> function eping_validaddr($eping_hosttocheck)
> {
[..]
> }
> --------------8<-----------------------------------------8<-------------------------------------

> I am sorry but I am a coder and my eyes are bleeding when looking at
> stuff like that so here is my suggestion for replaceing the if-statement:
> if(preg_match("/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/",
> $eping_hosttocheck))

A better solution would be to limit the scope of the regex and use ^
and $ on the regex the original code has in place. I'd personally use:

If (preg_match("/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/", $eping_hosttocheck))

Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.

-- 
Jonathan Angliss
<jon@...dork.net>
Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ