Commit c5b5d2cd authored by Ted Trask's avatar Ted Trask

Added escapespecialcharacters to format.lua to escape shell special...

Added escapespecialcharacters to format.lua to escape shell special characters.  Reviewed all calls to io.popen and os.execute to escape special characters.  Fixed file uploads in openssl and ipsectools with viewfunctions.lua.  Tried to fix openssl renew when subject contains special characters, but not done yet.

git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1687 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent 2b648a4e
......@@ -4,6 +4,7 @@ module(..., package.seeall)
require("modelfunctions")
require("fs")
require("format")
require("validator")
-- Set variables
local configfile = "/etc/racoon/racoon.conf"
......@@ -33,9 +34,10 @@ local descr = {
-- ################################################################################
-- LOCAL FUNCTIONS
-- Make sure to escape special characters before calling this function
local function ip_xfrm(mode)
local cmd_output_result
local cmd = "/bin/ip xfrm " .. mode .. " 2>/dev/null"
local cmd = "/bin/ip xfrm " .. (mode or "") .. " 2>/dev/null"
local f = io.popen( cmd )
local cmd_output_result = f:read("*a")
f:close()
......@@ -45,8 +47,8 @@ end
local function phase2details(dst)
local output = {}
dst = string.match(dst,"^(.*)%.") -- Removes the portnumber
table.insert(output, {label="Outgoing", value=ip_xfrm("state list src ".. dst .. " | grep '^src'")})
table.insert(output, {label="Incoming", value=ip_xfrm("state list dst ".. dst .. " | grep '^src'")})
table.insert(output, {label="Outgoing", value=ip_xfrm("state list src ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
table.insert(output, {label="Incoming", value=ip_xfrm("state list dst ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
return output
end
......@@ -183,19 +185,25 @@ function upload_cert(newcert)
-- Trying to upload a cert/key
-- The way haserl works, cert contains the temporary file name
-- First, get the cert
local cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."cert.pem -password pass:"..newcert.value.password.value.." -nokeys -clcerts 2>&1"
local f = io.popen(cmd)
local cmdresult = f:read("*a")
f:close()
local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
local cmd, f, cmdresult
if validator.is_valid_filename(newcert.value.cert.value, "/tmp/") and fs.is_file(newcert.value.cert.value) then
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."cert.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -clcerts 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
success = false
end
else
newcert.value.cert.errtxt = "Invalid certificate"
success = false
end
-- Now, get the key and the ca certs
if success then
cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."key.pem -password pass:"..newcert.value.password.value.." -nocerts -nodes 2>&1"
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."key.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nocerts -nodes 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
......@@ -205,7 +213,7 @@ function upload_cert(newcert)
success = false
end
cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."ca.pem -password pass:"..newcert.value.password.value.." -nokeys -cacerts 2>&1"
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."ca.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -cacerts 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
......@@ -238,9 +246,15 @@ function upload_cert(newcert)
end
-- Delete the temporary files
cmd = "rm "..newcert.value.cert.value.."*"
f = io.popen(cmd)
f:close()
if validator.is_valid_filename(newcert.value.cert.value, "/tmp/") and fs.is_file(newcert.value.cert.value) then
cmd = "rm "..format.escapespecialcharacters(newcert.value.cert.value)
f = io.popen(cmd.."cert.pem")
f:close()
f = io.popen(cmd.."key.pem")
f:close()
f = io.popen(cmd.."ca.pem")
f:close()
end
return newcert
end
......@@ -250,7 +264,7 @@ view_cert = function(certname)
local cmdresult = "Invalid cert name"
for i,cert in ipairs(list.value) do
if cert == certname then
local cmd = path .. "openssl x509 -in "..baseurl..certname.." -noout -text"
local cmd = path .. "openssl x509 -in "..baseurl..format.escapespecialcharacters(certname).." -noout -text"
local f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
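Review bot: The three `openssl pkcs12` calls in upload_cert still put the user-supplied passphrase on the command line (`-password pass:...`), so it is readable in the process list while openssl runs, and its safety in the shell rests entirely on `format.escapespecialcharacters`, whose body is not shown on this page. openssl also accepts `env:` and `file:` passphrase sources, so something like `-password env:P12_PASS` (placeholder variable name, set just before the call and cleared afterwards) would keep the secret out of both the shell string and argv. The cleanup hunk could drop the shell too: `os.remove(newcert.value.cert.value.."cert.pem")`, and the same for `key.pem` and `ca.pem`, needs no escaping at all. Separately, `phase2details` passes on the result of `string.match(dst,"^(.*)%.")`, which is nil when dst contains no dot; whether the escape helper tolerates nil cannot be seen from here. upload_cert and view_cert both start and end outside the hunks shown.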
......
......@@ -7,8 +7,8 @@ io.write(html.cfe_unpack(form))
<H1><%= html.html_escape(form.label) %></H1>
<%
-- This is a kludge to get file upload working
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action .. '" enctype="multipart/form-data'
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
form.enctype = "multipart/form-data"
form.value.cert.type="file"
form.value.password.type="password"
local order = {"cert", "password"}
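Review bot: The removed `form.action` line closed the attribute with an embedded `"` to smuggle in `enctype`, which suggests the form renderer writes `action` into the page without HTML-escaping it; that renderer is not visible here, so this is worth confirming. If it is unescaped, any `page_info` component that can carry a quote could break out of the attribute the same way the old kludge did, and now that `form.enctype` is a proper field the renderer can safely escape `action`. The comment above the assignment is also stale after this change; something like `-- File upload requires multipart/form-data encoding` would describe the new code.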
......