Opened 14 years ago

Closed 14 years ago

Last modified 13 years ago

#2939 closed defect (fixed)

msLoadQuery() does not validate file extension when loading saved query files

Reported by: sdlime Owned by: sdlime
Priority: high Milestone: 6.0 release
Component: MapServer C Library Version: unspecified
Severity: normal Keywords:
Cc: jmckenna


This can be used to probe a system for files that ARE NOT present. Since any value can be passed the code will attempt to open then file and then if missing will report that that fact. The solution is to validate the file extension before accessing the file and if not ending with .qy throw an error. Basically mirroring behavior used with mapfiles.

Might also make sense to add a magic key at the top of the file for further validation.


Change History (7)

comment:1 by sdlime, 14 years ago

Priority: normalhigh
Status: newassigned

comment:2 by sdlime, 14 years ago

Referencing CVE-2009-0843...

comment:3 by jmckenna, 14 years ago

Cc: jmckenna added

comment:4 by sdlime, 14 years ago

Milestone: 5.2.2 release5.4 release

Fixed r8805 for MapServer 5.2 branch. Fixed in r8823 for 4.10 branch. Moving to 5.4 now.


comment:5 by sdlime, 14 years ago

Milestone: 5.4 release6.0 release

Fixed in 5.4 branch in r8853, moving to 6.0/trunk.


comment:6 by sdlime, 14 years ago

Resolution: fixed
Status: assignedclosed

Main problem fixed in trunk. Query files will likely see attention as part of other changes so I'll close this. No documentation carry over...


comment:7 by aboudreault, 13 years ago

Backported to branch-5-0 in r9199

Note: See TracTickets for help on using tickets.