proxmox-mirrors/proxmox-backup
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox-backup synced 2025-08-16 07:32:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

proxy: limit theme value in length and disallow '/'

Browse Source 
while with rust strings we cannot inject \0, it feels a bit safer to
enforce some basic restrictions, with length and not containing any
slash seems sensible enough.

Admins should not put sensible data as theme-XYZ.css files in
/usr/share (which is normally readable by all system users anyway)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2023-03-14 17:54:14 +01:00
parent ee0eaeae63
commit 6b815bc022
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/bin/proxmox-backup-proxy.rs
View File

@ -96,10 +96,12 @@ fn get_language(headers: &http::HeaderMap) -> String {
fn get_theme(headers: &http::HeaderMap) -> String { fn get_theme(headers: &http::HeaderMap) -> String {
let exists = |t: &str| { let exists = |t: &str| {
Path::new(&format!( t.len() < 32
"/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css" && !t.contains('/')
)) && Path::new(&format!(
.exists() "/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css"
))
.exists()
}; };
match cookie_from_header(headers, "PBSThemeCookie") { match cookie_from_header(headers, "PBSThemeCookie") {