summaryrefslogtreecommitdiffstats
path: root/pki/base
diff options
context:
space:
mode:
authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-04-10 18:48:56 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-04-10 18:48:56 +0000
commit069c6d0dcfdf06660a7984d12bc3afb07d272373 (patch)
treecf03ad5632bcf14085d983784060898ce5091917 /pki/base
parent3ea60be8a53cbe26857bb0843368c7f4b38ffb36 (diff)
downloadpki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.gz
pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.tar.xz
pki-069c6d0dcfdf06660a7984d12bc3afb07d272373.zip
Bugzilla Bug #223353 - Values entered through web ui are not checked/escaped
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@381 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java16
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp33
-rw-r--r--pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java6
9 files changed, 108 insertions, 36 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 8b764eb97..098be45dd 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -742,4 +742,29 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
return p.substitute2("request", attrSet);
}
+
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
+ {
+ StringBuffer result = new StringBuffer();
+
+ // Do we need to escape any characters
+ for (int i = 0; i < v.length(); i++) {
+ int c = v.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ result.append('\\');
+ if (doubleEscape) result.append('\\');
+ }
+ if (c == '\r') {
+ result.append("0D");
+ } else if (c == '\n') {
+ result.append("0A");
+ } else {
+ result.append((char)c);
+ }
+ }
+ return result;
+ }
+
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index ca33ca6e1..a53b98fa3 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -415,8 +415,8 @@ ldapInit();
if (la != null) {
String[] sla = la.getStringValueArray();
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+
- "=" +sla[0]);
- request.setExtData(mLdapStringAttrs[i], sla[0]);
+ "=" + escapeValueRfc1779(sla[0], false).toString());
+ request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
}
}
//cfu
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 1f1daec25..dceb44239 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -2122,5 +2122,30 @@ public abstract class CMSServlet extends HttpServlet {
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
}
}
+
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
+ {
+ StringBuffer result = new StringBuffer();
+
+ // Do we need to escape any characters
+ for (int i = 0; i < v.length(); i++) {
+ int c = v.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ result.append('\\');
+ if (doubleEscape) result.append('\\');
+ }
+ if (c == '\r') {
+ result.append("0D");
+ } else if (c == '\n') {
+ result.append("0A");
+ } else {
+ result.append((char)c);
+ }
+ }
+ return result;
+ }
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index cd51dd659..409a12754 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -195,29 +195,6 @@ public class SrchCerts extends CMSServlet {
}
}
- private StringBuffer escapeValueRfc1779(String v)
- {
- StringBuffer result = new StringBuffer();
-
- // Do we need to escape any characters
- for (int i = 0; i < v.length(); i++) {
- int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- result.append('\\');
- }
- if (c == '\r') {
- result.append("0D");
- } else if (c == '\n') {
- result.append("0A");
- } else {
- result.append((char)c);
- }
- }
- return result;
- }
-
private void buildAVAFilter(HttpServletRequest req, String paramName,
String avaName, StringBuffer lf, String match)
{
@@ -228,12 +205,12 @@ public class SrchCerts extends CMSServlet {
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(escapeValueRfc1779(val));
+ lf.append(escapeValueRfc1779(val, true));
lf.append(",*)");
lf.append("(x509cert.subject=*");
lf.append(avaName);
lf.append("=");
- lf.append(escapeValueRfc1779(val));
+ lf.append(escapeValueRfc1779(val, true));
lf.append(")");
lf.append(")");
} else {
@@ -241,7 +218,7 @@ public class SrchCerts extends CMSServlet {
lf.append(avaName);
lf.append("=");
lf.append("*");
- lf.append(escapeValueRfc1779(val));
+ lf.append(escapeValueRfc1779(val, true));
lf.append("*)");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index 8d6166dbd..947ba42a9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -372,7 +372,7 @@ public class CMSTemplate extends CMSFile {
for (int i = 0; i < l; i++) {
char c = in[i];
- if (c > 0x23) {
+ if ((c > 0x23) && (c!= 0x5c)) {
out[j++] = c;
continue;
}
@@ -407,6 +407,7 @@ public class CMSTemplate extends CMSFile {
out[j++] = c;
}
}
+ String ret = new String(out,0,j);
return new String(out, 0, j);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index ff4c8d7bf..3c13eda56 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -328,7 +328,8 @@ public class ProfileServlet extends CMSServlet {
for (int i = 0; i < l; i++) {
char c = in[i];
- if (c > 0x23) {
+ /* presumably this gives better performance */
+ if ((c > 0x23) && (c != 0x5c)) {
out[j++] = c;
continue;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 894ecd49d..6a5263fcf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -107,9 +107,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (inputNames.hasMoreElements()) {
String inputName = (String) inputNames.nextElement();
-
if (request.getParameter(inputName) != null) {
- ctx.set(inputName, request.getParameter(inputName));
+ // all subject name parameters start with sn_, no other input parameters do
+ if (inputName.matches("^sn_.*")) {
+ ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
+ } else {
+ ctx.set(inputName, request.getParameter(inputName));
+ }
}
}
}
@@ -306,7 +310,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
String inputName = (String) inputNames.nextElement();
if (request.getParameter(inputName) != null) {
- req.setExtData(inputName, request.getParameter(inputName));
+ // special characters in subject names parameters must be escaped
+ if (inputName.matches("^sn_.*")) {
+ req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
+ } else {
+ req.setExtData(inputName, request.getParameter(inputName));
+ }
}
}
}
@@ -351,7 +360,6 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
-
private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) {
Enumeration outputIds = profile.getProfileOutputIds();
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index 8ac1fa8db..aa5487948 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -547,6 +547,32 @@ char *getData( char *fileName, char *injection )
return buf;
}
+/**
+ * returns string with special characters escaped. Caller must free the contents
+ */
+char *escapeSpecialChars(char* src)
+{
+ char *ret;
+ int i =0;
+
+ if (PL_strlen(src) == 0) {
+ return PL_strdup(src);
+ }
+ ret = (char *)PR_Malloc(PL_strlen(src) * 2 + 1);
+
+ while (*src != '\0') {
+ if (*src == '"') {
+ ret[i++] = '\\';
+ ret[i++] = '"';
+ } else {
+ ret[i++] = *src;
+ }
+ src++;
+ }
+ ret[i]='\0';
+ return ret;
+}
+
void getCertificateFilter( char *filter, char *query )
{
@@ -4119,7 +4145,12 @@ mod_tokendb_handler( request_rec *rq )
PL_strcat( injection, "\"" );
}
- PL_strcat( injection, vals[i] );
+ // make sure to escape any special characters
+ char *escaped = escapeSpecialChars(vals[i]);
+ PL_strcat( injection, escaped );
+ if (escaped != NULL) {
+ PL_strfree(escaped);
+ }
}
if( i > v_start ) {
diff --git a/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java b/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
index 68deca82f..e75947a8d 100644
--- a/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
@@ -758,7 +758,11 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
if (specialChars.indexOf(valueStr.charAt(i)) != -1) {
retval.append('\\');
retval.append(valueStr.charAt(i));
- }
+ } else
+ if (valueStr.charAt(i) == '"') {
+ retval.append('\\');
+ retval.append(valueStr.charAt(i));
+ }
else
retval.append(valueStr.charAt(i));
}
generated by cgit (git 2.34.1) at 2024-06-21 12:01:28 +0000