blob: 8b6405b4ad6430e1e959d9e68af6b1ee2bf1876f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001
From: Michael Larabel <michael@phoronix.com>
Date: Sat, 23 Jul 2022 07:32:43 -0500
Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in
phoromatic_quit_if_invalid_input_found()
Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678
Upstream-Status: Backport
CVE: CVE-2022-40704
Reference to upstream patch:
https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640
Signed-off-by: Li Wang <li.wang@windriver.com>
---
pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php
index 74ccc5444c..c2313dcdea 100644
--- a/pts-core/phoromatic/phoromatic_functions.php
+++ b/pts-core/phoromatic/phoromatic_functions.php
@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null)
{
foreach($input_keys as $key)
{
- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key]))
+ if(isset($_GET[$key]) && !empty($_GET[$key]))
{
- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check)
+ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check)
+ {
+ if(stripos($val_to_check, $invalid_string) !== false)
+ {
+ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check);
+ exit;
+ }
+ }
+ }
+ if(isset($_POST[$key]) && !empty($_POST[$key]))
+ {
+ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check)
{
if(stripos($val_to_check, $invalid_string) !== false)
{
|
