From a9f0837233938408364f067bf89def53b677f68f Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 20 Feb 2017 13:44:32 +0000
Subject: [PATCH] Add a 'trusted-cgi-referrer' directive

It allows to configure another page or site that can be used
to reach sensitive CGI ressources.

Example:
trusted-cgi-referer http://www.example.org/blafasel

Currently the parameter is a vanilla string (not a regular
expression) and has to match the beginning of the Referer
the client used to reach a harmful ressource.

Sponsored by: Robert Klemme
---
 cgi.c     | 15 ++++++++++++++-
 loadcfg.c | 17 ++++++++++++++++-
 project.h |  7 ++++++-
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/cgi.c b/cgi.c
index b96dd431..7c84b69f 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.169 2017/01/23 13:05:26 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.170 2017/01/23 16:12:18 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -441,6 +441,7 @@ static int referrer_is_safe(const struct client_state *csp)
 {
    char *referrer;
    static const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/";
+   const char *trusted_cgi_referrer = csp->config->trusted_cgi_referrer;
 
    referrer = grep_cgi_referrer(csp);
 
@@ -459,6 +460,18 @@ static int referrer_is_safe(const struct client_state *csp)
 
       return TRUE;
    }
+   else if ((trusted_cgi_referrer != NULL) && (0 == strncmp(referrer,
+            trusted_cgi_referrer, strlen(trusted_cgi_referrer))))
+   {
+      /*
+       * After some more testing this block should be merged with
+       * the previous one or the log level should bedowngraded.
+       */
+      log_error(LOG_LEVEL_INFO, "Granting access to %s based on trusted referrer %s",
+         csp->http->url, referrer);
+
+      return TRUE;
+   }
    else
    {
       /* Untrustworthy referrer */
diff --git a/loadcfg.c b/loadcfg.c
index b4a43ac8..5870e9f3 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1,4 +1,4 @@
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.153 2016/05/22 12:43:07 fabiankeil Exp $";
+const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.154 2016/09/27 22:48:28 ler762 Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
@@ -168,6 +168,7 @@ static struct file_list *current_configfile = NULL;
 #define hash_toggle                          447966U /* "toggle" */
 #define hash_trust_info_url               430331967U /* "trust-info-url" */
 #define hash_trust_x_forwarded_for       2971537414U /* "trust-x-forwarded-for" */
+#define hash_trusted_cgi_referrer        4270883427U /* "trusted-cgi-referrer" */
 #define hash_trustfile                     56494766U /* "trustfile" */
 #define hash_usermanual                  1416668518U /* "user-manual" */
 #define hash_activity_animation          1817904738U /* "activity-animation" */
@@ -257,6 +258,7 @@ static void unload_configfile (void * data)
    freez(config->proxy_info_url);
    freez(config->proxy_args);
    freez(config->usermanual);
+   freez(config->trusted_cgi_referrer);
 
 #ifdef FEATURE_TRUST
    freez(config->trustfile);
@@ -602,6 +604,7 @@ struct configuration_spec * load_config(void)
    config->client_tag_lifetime       = 60;
 #endif
    config->trust_x_forwarded_for     = 0;
+   config->trusted_cgi_referrer      = NULL;
    /*
     * 128 client sockets ought to be enough for everybody who can't
     * be bothered to read the documentation to figure out how to
@@ -1597,6 +1600,18 @@ struct configuration_spec * load_config(void)
             config->trust_x_forwarded_for = parse_toggle_state(cmd, arg);
             break;
 
+/* *************************************************************************
+ * trusted-cgi-referrer http://www.example.org/some/path.html
+ * *************************************************************************/
+         case hash_trusted_cgi_referrer :
+            /*
+             * We don't validate the specified referrer as
+             * it's only used for string comparison.
+             */
+            freez(config->trusted_cgi_referrer);
+            config->trusted_cgi_referrer = strdup_or_die(arg);
+            break;
+
 /* *************************************************************************
  * trustfile filename
  * (In confdir by default.)
diff --git a/project.h b/project.h
index 320bbd64..1fc0bd4c 100644
--- a/project.h
+++ b/project.h
@@ -1,7 +1,7 @@
 #ifndef PROJECT_H_INCLUDED
 #define PROJECT_H_INCLUDED
 /** Version string. */
-#define PROJECT_H_VERSION "$Id: project.h,v 1.218 2016/12/24 16:00:49 fabiankeil Exp $"
+#define PROJECT_H_VERSION "$Id: project.h,v 1.219 2017/01/23 16:10:28 fabiankeil Exp $"
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/project.h,v $
@@ -1337,6 +1337,11 @@ struct configuration_spec
    /** IP addresses to bind to.  Defaults to HADDR_DEFAULT == 127.0.0.1. */
    const char *haddr[MAX_LISTENING_SOCKETS];
 
+   /** Trusted referring site that can be used to reach CGI
+     * pages that aren't marked as harmful.
+     */
+   const char *trusted_cgi_referrer;
+
    /** Ports to bind to.  Defaults to HADDR_PORT == 8118. */
    int         hport[MAX_LISTENING_SOCKETS];
 
-- 
2.39.2