From patchwork Thu Oct 2 11:10:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9149 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ccpxC3SBmz3wb0 for ; Thu, 02 Oct 2025 11:10:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ccpxB48p2z43v for ; Thu, 02 Oct 2025 11:10:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ccpxB3P9zz2xSN for ; Thu, 02 Oct 2025 11:10:22 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ccpx766Cjz2xMK for ; Thu, 02 Oct 2025 11:10:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ccpx64p09zCj; Thu, 02 Oct 2025 11:10:18 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1759403418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=GXU+NR2SvR/MCkG42NtTGaZ4NqxPR8IJr5vhtjFHxP4=; b=jvWHZpLYvLrDKJNpKgegVd+8BPCZkZ4j7WaTK5ljGY6B2qSgqM50RAVE6c87JOGFu2crWW qQUX/GGrgLfV7rAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1759403418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=GXU+NR2SvR/MCkG42NtTGaZ4NqxPR8IJr5vhtjFHxP4=; b=udR9e5LAwXfP7+fn8KzmeffHPiEJPEYTG6oeQHRmI9QGcTuPCWFw5mnWW9dzDGlFwxgRP1 JzYPtTjAbfK4uOO4F1c8CL/oWxNJCuflePAg6WdOxL6TAbngGW0GVkIhhOKRBdm0+A2FnD VXWRa5I5y++PJf0xljX+LoQ+8kBR65ndyafDNuhFomZ21gJavCDPNMr+YS2o060qADCSFt cvj5RyYIQp7F7hujstJGUyfI6dMFonH45odCUq4PlVwLUmHPe7ub4eogw1Hns65X+ZXJ49 wUVlg8a+o+b+PnROlo+g4fKsPS/NW07k3X0EdZrmtbnrDhuJItFvTtbdiaLdJg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/2] dns.cgi: Fix for XSS potential Date: Thu, 2 Oct 2025 13:10:14 +0200 Message-ID: <20251002111015.13264-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Related to CVE-2025-50976 - Fixes NAMESERVER & REMARK - TLS_HOSTNAME was already fixed in a previous patch Signed-off-by: Adolf Belka --- html/cgi-bin/dns.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 883c7efb6..29a46d4b6 100644 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -775,9 +775,9 @@ sub show_add_edit_nameserver() { # Check if an ID has been given. if ($cgiparams{'ID'}) { # Assign cgiparams values. - $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0]; + $cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]); $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1]; - $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3]; + $cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]); } } else { &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});