From a799d25f3e3e0ef9c541605b30cb6b16f1f2e05e Mon Sep 17 00:00:00 2001
From: oes
Date: Fri, 6 Jun 2003 07:54:25 +0000
Subject: [PATCH] Security fix: dspatch_known_cgi no longer considers an empty referrer safe for critical CGIs, since malicious links could reside on https:// locations which browsers don't advertize as referrers. Closes bug #749916, thanks to Jeff Epler for the hint. Goodbye One-Click[tm] toggling :-(
---
 cgi.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/cgi.c b/cgi.c
index 41e01f58..14840545 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.8 2003/04/29 13:33:51 oes Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.9 2003/05/08 15:11:31 oes Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/Attic/cgi.c,v $
@@ -38,6 +38,9 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.70.2.8 2003/04/29 13:33:51 oes Exp $";
 *
 * Revisions :
 * $Log: cgi.c,v $
+ * Revision 1.70.2.9 2003/05/08 15:11:31 oes
+ * Nit
+ *
 * Revision 1.70.2.8 2003/04/29 13:33:51 oes
 * Killed a compiler warning on OSX
 *
@@ -836,12 +839,12 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp,
 if ((d->name == NULL) || (strcmp(path_copy, d->name) == 0))
 {
 /*
- * If the called CGI is either harmless, or not referred
- * from an untrusted source, start it.
+ * If the called CGI is either harmless, or referred
+ * from a trusted source, start it.
 */
 if (d->harmless
- || (NULL == (referrer = grep_cgi_referrer(csp)))
- || (0 == strncmp(referrer, "http://config.privoxy.org/", 26))
+ || ((NULL != (referrer = grep_cgi_referrer(csp)))
+ && (0 == strncmp(referrer, "http://config.privoxy.org/", 26)))
 )
 {
 err = (d->handler)(csp, rsp, param_list);
-- 
2.49.0
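Review bot: The length `26` in the new `strncmp` call is a hand-counted copy of the literal's length, on the one comparison that gates every non-harmless CGI. It is correct today, but a later edit that miscounts would silently shorten the trusted prefix; losing the trailing `/` would let a host name that merely begins with `config.privoxy.org` pass. Tie the two together with `static const char trusted_referrer[] = "http://config.privoxy.org/";` and `strncmp(referrer, trusted_referrer, sizeof(trusted_referrer) - 1)`. The comment above the condition should also record why a missing Referer is refused, for instance `* A missing Referer is not trusted: browsers omit it for links on https:// pages.`, so the branch is not relaxed again later. The body of dispatch_known_cgi starts and ends outside this hunk, so how a refused request is answered cannot be checked from here.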