From ef24b50ee95a855bf84bcaefd4e8ae1954e45fe8 Mon Sep 17 00:00:00 2001
From: David Sommerseth <dazo@users.sourceforge.net>
Date: Wed, 1 Apr 2009 23:15:39 +0200
Subject: Security enhancement: Added check in eDBadmin* functions that the
 context is correct

---
 database/sqlite/firewalladmin.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'database/sqlite/firewalladmin.c')

diff --git a/database/sqlite/firewalladmin.c b/database/sqlite/firewalladmin.c
index 2877f76..6f0cf44 100644
--- a/database/sqlite/firewalladmin.c
+++ b/database/sqlite/firewalladmin.c
@@ -148,6 +148,12 @@ xmlDoc *eDBadminFirewallProfiles(eurephiaCTX *ctx, xmlDoc *srch) {
         DEBUG(ctx, 20, "Function call: eDBadminFirewallProfiles(ctx, {xmlDoc})");
         assert( (ctx != NULL) && (srch != NULL) );
 
+        if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+                eurephia_log(ctx, LOG_CRITICAL, 0,
+                             "eurephia admin function call attempted with wrong context type");
+                return NULL;
+        }
+
         root_n = eurephiaXML_getRoot(ctx, srch, "firewall_profiles", 1);
         if( root_n == NULL ) {
                 eurephia_log(ctx, LOG_CRITICAL, 0, "Invalid XML input.");
-- 
cgit