From 92cc45c930b9f4f6e19286abf07a209b4443acc3 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 8 Mar 2008 16:25:56 +0000
Subject: [PATCH] After three file modification time mismatches, turn the CGI
editor off.
---
ChangeLog | 4 ++++
cgiedit.c | 29 ++++++++++++++++++++++++++++-
2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 9f66a97c..c7a04202 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,10 @@ ChangeLog for Privoxy
- Not enabling limit-connect now allows CONNECT requests to all ports.
In previous versions it would only allow CONNECT requests to port 443.
Use +limit-connect{443} if you think you need the old default behaviour.
+- The CGI editor gets turned off after three edit requests with invalid
+ file modification timestamps. This makes life harder for attackers
+ who can leverage browser bugs to send fake Referers and intend to
+ brute-force edit URLs.
- Fixed false-positives with the link-by-url filter and URLs that
contain the pattern "/jump/".
- The less-download-windows filter no longer messes
diff --git a/cgiedit.c b/cgiedit.c
index 190c1a19..e6506a8c 100644
--- a/cgiedit.c
+++ b/cgiedit.c
@@ -1,4 +1,4 @@
-const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.57 2007/10/27 13:32:23 fabiankeil Exp $";
+const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.58 2007/11/28 17:57:01 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgiedit.c,v $
@@ -42,6 +42,10 @@ const char cgiedit_rcs[] = "$Id: cgiedit.c,v 1.57 2007/10/27 13:32:23 fabiankeil
*
* Revisions :
* $Log: cgiedit.c,v $
+ * Revision 1.58 2007/11/28 17:57:01 fabiankeil
+ * Fix double free in cgi_edit_actions_list().
+ * Reported by adlab in BR#1840145.
+ *
* Revision 1.57 2007/10/27 13:32:23 fabiankeil
* Plug minor 5-year-old memory leak. Spotted by
* Valgrind and triggered by Privoxy-Regression-Test.
@@ -495,6 +499,11 @@ struct file_line
/** This file_line is in a {{description}} block. */
#define FILE_LINE_DESCRIPTION_ENTRY 10
+/*
+ * Number of file modification time mismatches
+ * before the CGI editor gets turned off.
+ */
+#define ACCEPTABLE_TIMESTAMP_MISMATCHES 3
/**
* A configuration file, in a format that can be edited and written back to
@@ -2010,6 +2019,7 @@ jb_err edit_read_actions_file(struct client_state *csp,
{
jb_err err;
struct editable_file *file;
+ static int acceptable_failures = ACCEPTABLE_TIMESTAMP_MISMATCHES - 1;
assert(csp);
assert(parameters);
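Review bot: `acceptable_failures` is a function-local `static` that the new code only ever decrements, so it is process-wide state that nothing visible in this patch resets. The message added in the next hunk tells the operator to reload the configuration file to re-enable the editor, but the counter would still be 0 after a reload, so the first later mismatch would switch the editor off again. Either reset the counter where the configuration is reloaded, or keep it next to `feature_flags` in the config structure. At minimum, document it with something like `/* Remaining tolerated mismatches; process-wide, not reset on config reload. */`. If edit requests can be handled concurrently (not visible here), the unsynchronised test-and-decrement is also a data race. The body of edit_read_actions_file continues outside this hunk.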
@@ -2027,7 +2037,24 @@ jb_err edit_read_actions_file(struct client_state *csp,
}
else if (err == JB_ERR_MODIFIED)
{
+ assert(require_version);
err = cgi_error_modified(csp, rsp, lookup(parameters, "f"));
+ log_error(LOG_LEVEL_ERROR,
+ "Blocking CGI edit request due to modification time mismatch.");
+ if (acceptable_failures > 0)
+ {
+ log_error(LOG_LEVEL_INFO,
+ "The CGI editor will be turned off after another %d mismatche(s).",
+ acceptable_failures);
+ acceptable_failures--;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_INFO,
+ "Timestamp mismatch limit reached, turning CGI editor off. "
+ "Reload the configuration file to reenable it.");
+ csp->config->feature_flags &= ~RUNTIME_FEATURE_CGI_EDIT_ACTIONS;
+ }
}
if (err == JB_ERR_OK)
{
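Review bot: The branch that clears `RUNTIME_FEATURE_CGI_EDIT_ACTIONS` reports the change at `LOG_LEVEL_INFO`, so an operator who logs only errors sees the per-request "Blocking CGI edit request" line but never learns that the editor was disabled. Since the lockout is the security-relevant event, log it at the same level as the block message: `log_error(LOG_LEVEL_ERROR, "Timestamp mismatch limit reached, turning CGI editor off. "`. The countdown message also has a typo, "mismatche(s)", which should read `"The CGI editor will be turned off after another %d mismatch(es)."`. Neither message says which file the request named, which would make the log more useful for spotting repeated guessing. The enclosing function starts and ends outside this hunk.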
--
2.50.1