#2939 closed defect (fixed)
msLoadQuery() does not validate file extension when loading saved query files
Reported by: | sdlime | Owned by: | sdlime |
---|---|---|---|
Priority: | high | Milestone: | 6.0 release |
Component: | MapServer C Library | Version: | unspecified |
Severity: | normal | Keywords: | |
Cc: | jmckenna |
Description
This can be used to probe a system for files that ARE NOT present. Since any value can be passed, the code will attempt to open the file and then, if it is missing, will report that fact. The solution is to validate the file extension before accessing the file and, if it does not end with .qy, throw an error. Basically mirroring behavior used with mapfiles.
Might also make sense to add a magic key at the top of the file for further validation.
Steve
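The check described in this ticket, as an added example that is not MapServer's code and not part of the original report: the name is validated as a pure string test before any file access, so a rejected name gets the same answer whether or not the file exists, and the suggested magic key is checked as a second gate. The function names, status codes and the `EXAMPLE_QUERY_MAGIC` key are assumptions made for illustration.

```c
/* Added illustration, not MapServer source; every name is hypothetical. */
#include <stdio.h>
#include <string.h>

#define QY_EXT   ".qy"
#define QY_MAGIC "EXAMPLE_QUERY_MAGIC"  /* constructed placeholder key */

enum qy_status { QY_OK, QY_BAD_EXT, QY_OPEN_FAILED, QY_BAD_MAGIC };

/* Pure string check: touches no file, so its result cannot reveal
 * whether the path exists. Requires a non-empty name before ".qy". */
static int has_qy_extension(const char *path)
{
    size_t n, e = strlen(QY_EXT);
    if (path == NULL) return 0;
    n = strlen(path);
    return n > e && strcmp(path + n - e, QY_EXT) == 0;
}

/* Open a saved query file only after the name is validated.
 * 'out' must be non-NULL; it receives the stream on QY_OK. */
static enum qy_status open_query_file(const char *path, FILE **out)
{
    char line[64];
    FILE *fp;

    *out = NULL;
    if (!has_qy_extension(path))
        return QY_BAD_EXT;              /* rejected before fopen() */
    fp = fopen(path, "r");
    if (fp == NULL)
        return QY_OPEN_FAILED;
    /* Second gate: the first line must be exactly the magic key. */
    if (fgets(line, sizeof line, fp) == NULL) line[0] = '\0';
    line[strcspn(line, "\r\n")] = '\0';
    if (strcmp(line, QY_MAGIC) != 0) {
        fclose(fp);
        return QY_BAD_MAGIC;
    }
    *out = fp;
    return QY_OK;
}

int main(int argc, char **argv)
{
    FILE *fp;
    enum qy_status st = open_query_file(argc > 1 ? argv[1] : "/etc/passwd", &fp);
    printf("status=%d\n", (int)st);
    if (fp) fclose(fp);
    return 0;
}
```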
Change History (7)
comment:1 by , 15 years ago
Priority: | normal → high |
---|---|
Status: | new → assigned |
comment:2 by , 15 years ago
comment:3 by , 15 years ago
Cc: | added |
---|
comment:4 by , 15 years ago
Milestone: | 5.2.2 release → 5.4 release |
---|
comment:5 by , 15 years ago
Milestone: | 5.4 release → 6.0 release |
---|
Fixed in 5.4 branch in r8853, moving to 6.0/trunk.
Steve
comment:6 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Main problem fixed in trunk. Query files will likely see attention as part of other changes so I'll close this. No documentation carry over...
Steve
Referencing CVE-2009-0843...