Bug #8871 (closed)
Suricata: input not validated properly in suricata_rulesets.php results in wrong argument passed to in_array()
Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 09/04/2018
% Done: 0%
Description
Spotted this today:
Crash report begins. Anonymous machine information:

amd64
11.2-RELEASE-p2
FreeBSD 11.2-RELEASE-p2 #106 b0703dcab3c(RELENG_2_4_4): Sun Sep 2 22:17:18 EDT 2018 root@buildbot3:/builder/crossbuild-ce-master/obj/amd64/FWJoMRHc/builder/crossbuild-ce-master/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[03-Sep-2018 10:26:58 Etc/UTC] PHP Warning: in_array() expects parameter 2 to be array, string given in /usr/local/www/suricata/suricata_rulesets.php on line 450

No FreeBSD crash data found.
It will only trigger if the community rules are enabled:
<?php elseif (in_array($community_rules_file, $enabled_rulesets_array)): ?>
    <tr>
        <td>
            <input type="checkbox" name="toenable[]" value="<?=$community_rules_file;?>" checked="checked"/>
        </td>
        <td colspan="4">
            <?php if ($no_community_files): ?>
                <?php echo gettext("{$msg_community}"); ?>
            <?php else: ?>
                <a href='suricata_rules.php?id=<?=$id;?>&openruleset=<?=$community_rules_file;?>'><?php echo gettext("{$msg_community}"); ?></a>
            <?php endif; ?>
        </td>
    </tr>
<?php else: ?>
Without further inspection, I would guess at some point $enabled_rulesets_array is initialized with information probably stored from user input (I noticed this came up after I added a new rule to my disabled list but could have been there earlier).
Probably not a security risk, but it deserves further analysis as it might indicate a lack of user input validation (you do need to be authenticated and privileged to alter the Suricata configuration).
I don't know if it manifests functionally elsewhere (e.g. by causing problems).
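
An added example, not code from the Suricata package or from this report: one way to guard the in_array() call quoted above so that its second argument is always a validated array. The helper normalize_ruleset_list(), the "||" delimiter and all sample values are assumptions made for illustration. On PHP 7 the unguarded call only warns and returns null, while PHP 8 throws a TypeError for the same input.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: turn a stored "enabled rulesets" value into a list of
 * plain rule-file names. Accepts an array or a delimited string (the "||"
 * delimiter is an assumption); null, '' or any other type yields [].
 */
function normalize_ruleset_list($raw, string $delimiter = '||'): array
{
    if (is_string($raw)) {
        $raw = ($raw === '') ? [] : explode($delimiter, $raw);
    } elseif (!is_array($raw)) {
        $raw = [];
    }

    $clean = [];
    foreach ($raw as $entry) {
        // Keep only simple file names ending in .rules: no path separators, no markup.
        if (is_string($entry) && preg_match('/\A[A-Za-z0-9._-]+\.rules\z/', $entry) === 1) {
            $clean[] = $entry;
        }
    }
    return array_values(array_unique($clean));
}

// Constructed sample values covering the shapes a stored setting can take.
$samples = [
    'array'        => ['community.rules', 'emerging-dns.rules'],
    'string'       => 'community.rules||emerging-dns.rules',
    'empty string' => '',
    'null'         => null,
    'bad entry'    => 'emerging-dns.rules||not/a/rule file',
];

$community_rules_file = 'community.rules'; // constructed file name

foreach ($samples as $label => $stored) {
    $enabled_rulesets_array = normalize_ruleset_list($stored);
    // Third argument true: strict comparison, so no type juggling on the match.
    $enabled = in_array($community_rules_file, $enabled_rulesets_array, true);
    printf(
        "%-12s => %d valid entries, community rules %s\n",
        $label,
        count($enabled_rulesets_array),
        $enabled ? 'enabled' : 'not enabled'
    );
}
```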