From 185998a21992f9e8cdcde912b0f9c48fa0c7bebf Mon Sep 17 00:00:00 2001 From: Andre Lorbach Date: Tue, 22 May 2012 15:50:49 +0200 Subject: [PATCH] Fixed arbitrary file read issue in Disk LogStream class. The config.php file does now contain an array "DiskAllowed" which contains allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed. --- src/classes/logstreamdisk.class.php | 23 +++++++++++++++++++++++ src/include/config.sample.php | 4 ++++ src/include/constants_errors.php | 1 + src/include/functions_common.php | 10 +++++++--- src/include/functions_config.php | 21 +++++++++++++++++++++ src/lang/en/main.php | 2 ++ 6 files changed, 58 insertions(+), 3 deletions(-) diff --git a/src/classes/logstreamdisk.class.php b/src/classes/logstreamdisk.class.php index f127a75..4fcc396 100644 --- a/src/classes/logstreamdisk.class.php +++ b/src/classes/logstreamdisk.class.php @@ -117,6 +117,29 @@ class LogStreamDisk extends LogStream { * @return integer Error state */ public function Verify() { + global $content; + + // --- Check if Filename is within allowed directories! + $szFileDirName = dirname($this->_logStreamConfigObj->FileName); + $bIsAllowedDir = false; + foreach($content['DiskAllowed'] as $szAllowedDir) + { + if ( strpos($szAllowedDir, $szFileDirName) !== FALSE ) + { + $bIsAllowedDir = true; + break; + } + } + if ( !$bIsAllowedDir ) + { + global $extraErrorDescription; + $extraErrorDescription = GetAndReplaceLangStr( $content['LN_ERROR_PATH_NOT_ALLOWED_EXTRA'], $this->_logStreamConfigObj->FileName, implode(", ", $content['DiskAllowed']) ); + + return ERROR_PATH_NOT_ALLOWED; + } + + + // --- // Check if file exists! if(!file_exists($this->_logStreamConfigObj->FileName)) { diff --git a/src/include/config.sample.php b/src/include/config.sample.php index 721fe3f..34a9b9b 100644 --- a/src/include/config.sample.php +++ b/src/include/config.sample.php @@ -125,6 +125,10 @@ $CFG['Charts'][] = array ( "DisplayName" => "Severity Occurences", "chart_type" $CFG['Charts'][] = array ( "DisplayName" => "Usage by Day", "chart_type" => CHART_CAKE, "chart_width" => 400, "chart_field" => SYSLOG_DATE, "maxrecords" => 10, "showpercent" => 1, "chart_enabled" => 1 ); // --- +// --- Configure allowed directories for File base logstream sources +$CFG['DiskAllowed'][] = "/var/log/"; +// --- + // --- Source Options /* Example for DiskType Source: $CFG['Sources']['Source1']['ID'] = "Source1"; diff --git a/src/include/constants_errors.php b/src/include/constants_errors.php index 2f6e7dc..4f9cdfb 100644 --- a/src/include/constants_errors.php +++ b/src/include/constants_errors.php @@ -78,5 +78,6 @@ define('ERROR_DB_TRIGGERFAILED', 29); define('ERROR_DB_CHECKSUMERROR', 30); define('ERROR_DB_CHECKSUMCHANGEFAILED', 31); define('ERROR_DB_ADDDBFIELDFAILED', 32); +define('ERROR_PATH_NOT_ALLOWED', 33); ?> \ No newline at end of file diff --git a/src/include/functions_common.php b/src/include/functions_common.php index b0a7fa0..c8616db 100644 --- a/src/include/functions_common.php +++ b/src/include/functions_common.php @@ -66,7 +66,7 @@ $LANG_EN = "en"; // Used for fallback $LANG = "en"; // Default language // Default Template vars -$content['BUILDNUMBER'] = "3.4.1"; +$content['BUILDNUMBER'] = "3.4.3"; $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt"; $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title $content['BASEPATH'] = $gl_root_path; @@ -199,6 +199,10 @@ function InitPhpLogCon() InitPhpDebugMode(); // --- + // --- Init Allowed directories for DiskSources + InitDiskAllowedSources(); + // --- + // --- Check and Remove Magic Quotes! RemoveMagicQuotes(); // --- @@ -1911,16 +1915,16 @@ function GetErrorMessage($errorCode) return $content['LN_ERROR_DB_TABLENOTFOUND']; case ERROR_DB_DBFIELDNOTFOUND: return $content['LN_ERROR_DB_DBFIELDNOTFOUND']; - case ERROR_CHARTS_NOTCONFIGURED: return $content['LN_ERROR_CHARTS_NOTCONFIGURED']; case ERROR_FILE_NOMORETIME: return $content['LN_ERROR_FILE_NOMORETIME']; case ERROR_SOURCENOTFOUND: return $content['LN_GEN_ERROR_SOURCENOTFOUND']; - case ERROR_REPORT_NODATA: return $content['LN_GEN_ERROR_REPORT_NODATA']; + case ERROR_PATH_NOT_ALLOWED: + return $content['LN_ERROR_PATH_NOT_ALLOWED']; default: return GetAndReplaceLangStr( $content['LN_ERROR_UNKNOWN'], $errorCode ); diff --git a/src/include/functions_config.php b/src/include/functions_config.php index 8af0dfd..4e7470f 100644 --- a/src/include/functions_config.php +++ b/src/include/functions_config.php @@ -614,6 +614,27 @@ function InitPhpLogConConfigFile($bHandleMissing = true) } +/* +* Helper function to load configured dbmappings from the database +*/ +function InitDiskAllowedSources() +{ + global $CFG, $content; + + // Init Source Configs! + if ( isset($CFG['DiskAllowed']) ) + { + // Copy Array to content array + $content['DiskAllowed'] = $CFG['DiskAllowed']; + } + else + { + // Set default + $content['DiskAllowed'][] = "/var/log/"; + } +} + + /* * Helper function to load configured dbmappings from the database */ diff --git a/src/lang/en/main.php b/src/lang/en/main.php index 05f4dd5..2690808 100644 --- a/src/lang/en/main.php +++ b/src/lang/en/main.php @@ -355,6 +355,8 @@ $content['LN_REPORT_FILTERTYPE_STRING'] = "String"; $content['LN_GEN_SUCCESS_WHILEREPORTGEN'] = "Report was successfully generated"; $content['LN_GEN_ERROR_REPORTFAILEDTOGENERATE'] = "Failed to generate report, error details: %1"; $content['LN_GEN_SUCCESS_REPORTWASGENERATED_DETAILS'] = "Successfully generated report: %1"; +$content['LN_ERROR_PATH_NOT_ALLOWED'] = "The file is not located in the allowed directories list (By default /var/log is allowed only)."; +$content['LN_ERROR_PATH_NOT_ALLOWED_EXTRA'] = "The file '%1' is not located in one of these directories: '%2'"; $content['LN_CMD_RUNREPORT'] = "Generating saved report '%1'"; $content['LN_CMD_REPORTIDNOTFOUND'] = "Invalid Report ID '%1'";