Bug #9061: PowerD command parameter validation and escaping - pfSense - pfSense bugtracker

Bug #9061

PowerD command parameter validation and escaping

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

Urgent

Assignee:

Jim Pingle

Category:

Hardware / Drivers

Target version:

2.4.4-p1

Start date:

10/23/2018

Due date:

% Done:

100%

Estimated time:

Affected Version:

All

Affected Architecture:

All

Release Notes:

Default

Description

The powerd parameters powerd_ac_mode, powerd_battery_mode, and powerd_normal_mode are not validated against the list of expected mode strings in /usr/local/www/system_advanced_misc.php. They are also not escaped before use when invoking the powerd command inside activate_powerd() from /etc/inc/system.inc.

This can lead to an authenticated command injection for users with access to that page.

Associated revisions

Revision 3be69929 (diff)
Added by Jim Pingle over 2 years ago

Validate and protect powerd option values. Fixes #9061

Revision c95a79d3 (diff)
Added by Jim Pingle over 2 years ago

Validate and protect powerd option values. Fixes #9061

(cherry picked from commit 3be699295e5cb7be24cc5361700be1a8b759e26c)

History

#1 Updated by Jim Pingle over 2 years ago

Status changed from Assigned to Feedback
% Done changed from 0 to 100

Applied in changeset 3be699295e5cb7be24cc5361700be1a8b759e26c.

#2 Updated by Anonymous over 2 years ago

Could recreate the behavior on 2.4.4. On 2.4.5.a.20181102.0213, could not reproduce the behavior, received


The following input errors were detected:

    Invalid Battery Power mode.

after modifying the value of Battery Power mode and clicking Save.

#3 Updated by Anonymous over 2 years ago

Status changed from Feedback to Resolved

#4 Updated by Jim Pingle over 2 years ago

Private changed from Yes to No

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries