Bug #14052
closed
Bridge interface is not properly validated when submitted on ``interfaces_bridge_edit.php``
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.05
Release Notes: Default
Affected Version:
Affected Architecture:
Description
When creating or editing a bridge interface on interfaces_bridge_edit.php, the submitted $_POST['bridgeif'] is used in interface_bridge_configure() before it is validated. Subsequently, that function calls others which in turn use the submitted interface name in shell commands.

Due to a lack of escaping on commands in the functions being called, it is possible to execute arbitrary commands with a properly formatted submission value for $_POST['bridgeif'] such as "; touch somefile; #".
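The two defenses this report calls for, validating the submitted name before use and escaping it when a command is built, shown as an added example that is not pfSense code and not the applied changeset. The function names, the `bridgeN` naming pattern and the `ifconfig` command line are assumptions made for illustration; the script only prints command strings and executes nothing.

```php
<?php
// Added illustration: hypothetical helpers, not taken from pfSense.

// Allow-list check: accept only "bridge" followed by a unit number.
// The /D modifier stops "$" from matching before a trailing newline.
function is_valid_bridgeif(string $name): bool
{
    return preg_match('/^bridge[0-9]{1,4}$/D', $name) === 1;
}

// "Before" form: the submitted value is interpolated into a shell
// command line with no validation and no escaping.
function build_cmd_unescaped(string $bridgeif): string
{
    return "/sbin/ifconfig {$bridgeif} up";
}

// "After" form: reject anything off the allow-list first, then still
// pass the value through escapeshellarg() as a second layer.
function build_cmd_checked(string $bridgeif): string
{
    if (!is_valid_bridgeif($bridgeif)) {
        throw new InvalidArgumentException('Invalid bridge interface name');
    }
    return '/sbin/ifconfig ' . escapeshellarg($bridgeif) . ' up';
}

// Constructed sample inputs; the second is the value quoted in the report.
$samples = ['bridge0', '; touch somefile; #', "bridge0\n", 'em0'];

foreach ($samples as $input) {
    echo 'input:     ', json_encode($input), PHP_EOL;
    echo 'unescaped: ', json_encode(build_cmd_unescaped($input)), PHP_EOL;
    try {
        echo 'checked:   ', json_encode(build_cmd_checked($input)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'checked:   rejected (', $e->getMessage(), ')', PHP_EOL;
    }
    echo PHP_EOL;
}
```

Validation belongs in the page handler before any configure function is called; escaping at the point where the command is built covers callers that reach those functions by another path.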
Updated by Jim Pingle almost 2 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset c5b8e57aa51ff82b45bd6cb925ba512f4c01dcba.
Updated by Jim Pingle over 1 year ago
- Status changed from Feedback to Resolved
I can't get any problematic input past the new input validation. Looks solid to me.