Commit 07ac18a3 authored by Lubomir Rintel's avatar Lubomir Rintel

service: disallow newlinies in configuration values (CVE-2018-10900)

The vpnc configuration format doesn't allow those. vpnc(8):

  The values start exactly one space after the keywords, and run to the end
  of line. This lets you put any kind of weird character (except CR, LF and
  NUL) in your strings

We have no choice but to reject them. If we didn't it would allow the
user to inject arbitrary configuration directives with potential
security implications.

https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc

Reported by: Denis Andzakovic
parent 48aa50d1
......@@ -209,7 +209,14 @@ validate_one_property (const char *key, const char *value, gpointer user_data)
break; /* technically valid, but unused */
case ITEM_TYPE_STRING:
case ITEM_TYPE_SECRET:
break; /* valid */
if (strchr (value, '\n') || strchr (value, '\r')) {
g_set_error (info->error,
NM_VPN_PLUGIN_ERROR,
NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
_("property “%s” contains a newline character"),
key);
}
break;
case ITEM_TYPE_PATH:
if ( !value
|| !strlen (value)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment