[mapserver-commits] r8857 - branches/branch-5-4/mapserver

svn at osgeo.org svn at osgeo.org
Tue Mar 31 23:43:01 EDT 2009


Author: sdlime
Date: 2009-03-31 23:43:01 -0400 (Tue, 31 Mar 2009)
New Revision: 8857

Modified:
   branches/branch-5-4/mapserver/mapserv.c
   branches/branch-5-4/mapserver/mapserver.h
   branches/branch-5-4/mapserver/maptemplate.c
Log:
Added magic string support to templates. Added MS_MAP_PATTERN and MS_MAP_NO_PATH env vars to the CGI to limit file system access for mapfiles.

Modified: branches/branch-5-4/mapserver/mapserv.c
===================================================================
--- branches/branch-5-4/mapserver/mapserv.c	2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/mapserv.c	2009-04-01 03:43:01 UTC (rev 8857)
@@ -197,10 +197,23 @@
       writeError();
     }
   } else {
-    if(getenv(mapserv->request->ParamValues[i])) /* an environment references the actual file to use */
+    if(getenv(mapserv->request->ParamValues[i])) /* an environment variable references the actual file to use */
       map = msLoadMap(getenv(mapserv->request->ParamValues[i]), NULL);
-    else
+    else {
+      /* by here we know the request isn't for something in an environment variable */
+      if(getenv("MS_MAP_NO_PATH")) {
+        msSetError(MS_WEBERR, "Mapfile not found in environment variables and this server is not configured for full paths.", "loadMap()");
+	writeError();
+      }
+
+      if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), mapserv->request->ParamValues[i]) != MS_TRUE) {
+        msSetError(MS_WEBERR, "Parameter 'map' value fails to validate.", "loadMap()");
+        writeError();
+      }
+
+      /* ok to try to load now */
       map = msLoadMap(mapserv->request->ParamValues[i], NULL);
+    }
   }
 
   if(!map) writeError();
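Review bot: The `MS_MAP_PATTERN` check is only as tight as the expression the administrator supplies, and nothing at the check says so. If msEvalRegex() does a search-style match (its definition is not in this hunk), an unanchored pattern accepts any value that merely contains a matching substring, including values with `..` segments. A comment above the check would make the contract explicit, e.g. `/* MS_MAP_PATTERN is applied as-is to the raw 'map' value; anchor it (^...$) to constrain the whole path */`. Both new guards also depend on writeError() not returning, as the existing calls here appear to; if it ever returned, msLoadMap() would still run on the rejected value. The enclosing function starts and ends outside the hunk.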

Modified: branches/branch-5-4/mapserver/mapserver.h
===================================================================
--- branches/branch-5-4/mapserver/mapserver.h	2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/mapserver.h	2009-04-01 03:43:01 UTC (rev 8857)
@@ -161,8 +161,10 @@
 /* General defines, not wrapable */
 #ifndef SWIG
 #define MS_DEFAULT_MAPFILE_PATTERN "\\.map$"
-#define MS_TEMPLATE_EXPR "\\.(jsp|asp|cfm|xml|wml|html|htm|shtml|phtml|php|svg|kml|gml|js|tmpl)$"
 
+#define MS_TEMPLATE_MAGIC_STRING "MapServer Template"
+#define MS_TEMPLATE_EXPR "\\.(xml|wml|html|htm|svg|kml|gml|js|tmpl)$"
+
 #define MS_INDEX_EXTENSION ".qix"
 #define MS_QUERY_EXTENSION ".qy"
 
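Review bot: `MS_TEMPLATE_MAGIC_STRING` and the shortened `MS_TEMPLATE_EXPR` carry no comment describing the contract they now impose on template files. Above the magic string, something like `/* must appear on the first line of every template, header, footer and include file */` would document what the callers in maptemplate.c enforce. Above the expression, `/* server-side script extensions (jsp, asp, cfm, php, shtml, phtml) removed deliberately */` would tell maintainers the removals are intentional and explain why existing templates with those extensions stop matching.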

Modified: branches/branch-5-4/mapserver/maptemplate.c
===================================================================
--- branches/branch-5-4/mapserver/maptemplate.c	2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/maptemplate.c	2009-04-01 03:43:01 UTC (rev 8857)
@@ -41,6 +41,20 @@
 
 static char *processLine(mapservObj *mapserv, char *instr, FILE *stream, int mode);
 
+static int isValidTemplate(FILE *stream, const char *filename)
+{
+  char buffer[MS_BUFFER_LENGTH];
+
+  if(fgets(buffer, MS_BUFFER_LENGTH, stream) != NULL) {
+    if(!msCaseFindSubstring(buffer, MS_TEMPLATE_MAGIC_STRING)) {
+      msSetError(MS_WEBERR, "Missing magic string, %s doesn't look like a MapServer template.", "isValidTemplate()", filename);
+      return MS_FALSE;
+    }
+  }
+
+  return MS_TRUE;
+}
+
 /*
  * Redirect to (only use in CGI)
  * 
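Review bot: isValidTemplate() returns MS_TRUE when fgets() returns NULL, so an empty file or a failed read passes validation without the magic string ever being seen. Failing closed is a one-line change to the condition, `if(fgets(buffer, MS_BUFFER_LENGTH, stream) == NULL || !msCaseFindSubstring(buffer, MS_TEMPLATE_MAGIC_STRING)) {`, keeping the existing msSetError() call and `return MS_FALSE;` as its body. A short header comment should also state that the function consumes the first line of `stream`, since every caller added in this commit relies on reading from the second line onward.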
@@ -1040,6 +1054,11 @@
       return MS_FAILURE;
     } 
     
+    if(isValidTemplate(includeStream, src) != MS_TRUE) {
+      fclose(includeStream);
+      return MS_FAILURE;
+    }
+
     while(fgets(buffer, MS_BUFFER_LENGTH, includeStream) != NULL)
       content = msStringConcatenate(content, buffer);
 
@@ -2867,6 +2886,11 @@
           return(NULL);
         }
 
+        if(isValidTemplate(stream, join->header) != MS_TRUE) {
+          fclose(stream);
+          return NULL;
+        }
+
         /* echo file to the output buffer, no substitutions */
         while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = msStringConcatenate(outbuf, line);
 
@@ -2878,6 +2902,11 @@
         return(NULL);
       }      
       
+      if(isValidTemplate(stream, join->template) != MS_TRUE) {
+        fclose(stream);
+        return NULL;
+      }
+
       records = MS_TRUE;
     }
     
@@ -2892,6 +2921,7 @@
     }
       
     rewind(stream);
+    fgets(line, MS_BUFFER_LENGTH, stream); /* skip the first line since it's the magic string */
   } /* next record */
 
   if(records==MS_TRUE && join->footer) {    
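Review bot: The return value of the added `fgets(line, MS_BUFFER_LENGTH, stream)` is discarded, so a read failure after rewind() goes unnoticed. If the first line is longer than the buffer, only part of it is skipped and the remainder would be processed as template content for every record after the first. At minimum the comment should state the assumption, e.g. `/* skip the magic-string line; assumes it fits in MS_BUFFER_LENGTH */`, and the result should be checked in whatever way the loop's existing error handling allows. The loop this line belongs to starts outside the hunk.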
@@ -2900,6 +2930,11 @@
       return(NULL);
     }
 
+    if(isValidTemplate(stream, join->footer) != MS_TRUE) {
+      fclose(stream);
+      return NULL;
+    }
+
     /* echo file to the output buffer, no substitutions */
     while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = msStringConcatenate(outbuf, line);
     
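Review bot: The new early `return NULL;` closes the stream but leaves `outbuf` untouched. By this point `outbuf` appears to hold the header and record output built with msStringConcatenate(), so it would be leaked if it is heap-allocated (its declaration is outside the hunk). If so, `free(outbuf);` before the return would fix it here and in the matching checks added for `join->header` and `join->template`; the existing fopen() failure path just above may have the same gap. The new returns are also written `return NULL;` while the surrounding code uses `return(NULL);`.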
@@ -3443,6 +3478,11 @@
     return MS_FAILURE;
   } 
 
+  if(isValidTemplate(stream, html) != MS_TRUE) {
+    fclose(stream);
+    return MS_FAILURE;
+  }
+
   if(papszBuffer) {
     if((*papszBuffer) == NULL) {
       (*papszBuffer) = (char *)malloc(MS_TEMPLATE_BUFFER);


