From 7076426b284a5ba9128071d33cbd5a3c6cc23b74 Mon Sep 17 00:00:00 2001
From: Enrique Martin <enrique.martin@pandorafms.com>
Date: Thu, 23 May 2024 12:49:26 +0200
Subject: [PATCH] cve-2024-35307

---
 pandora_console/include/functions.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index dace338423..1066281ce9 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -2164,6 +2164,21 @@ function get_snmpwalk(
         return [];
     }
 
+    // Check if valid IP or DNS
+    if (filter_var($ip_target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6) === false &&
+        preg_match('/^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$/', $ip_target) !== 1
+    ) {
+        return [];
+    }
+
+    // Check if valid OID or MIB and not starting with dash (-)
+    if ((preg_match('/^\.{0,1}(\d+(\.\d+)*){0,1}$/', $base_oid) !== 1 &&
+        preg_match('/^[A-Za-z0-9-:]+(\.[A-Za-z0-9-:]+)*(?<![-:])$/', $base_oid) !== 1) ||
+        preg_match('/^-/', $base_oid) === 1
+    ) {
+        return [];
+    }
+
     // Note: quick_print is ignored
     // Fix for snmp port
     if (!empty($snmp_port)) {