[mapserver-commits] r8857 - branches/branch-5-4/mapserver
svn at osgeo.org
svn at osgeo.org
Tue Mar 31 23:43:01 EDT 2009
Author: sdlime
Date: 2009-03-31 23:43:01 -0400 (Tue, 31 Mar 2009)
New Revision: 8857
Modified:
branches/branch-5-4/mapserver/mapserv.c
branches/branch-5-4/mapserver/mapserver.h
branches/branch-5-4/mapserver/maptemplate.c
Log:
Added magic string support to templates. Added MS_MAP_PATTERN and MS_MAP_NO_PATH env vars to the CGI to limit file system access for mapfiles.
Modified: branches/branch-5-4/mapserver/mapserv.c
===================================================================
--- branches/branch-5-4/mapserver/mapserv.c 2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/mapserv.c 2009-04-01 03:43:01 UTC (rev 8857)
@@ -197,10 +197,23 @@
writeError();
}
} else {
- if(getenv(mapserv->request->ParamValues[i])) /* an environment references the actual file to use */
+ if(getenv(mapserv->request->ParamValues[i])) /* an environment variable references the actual file to use */
map = msLoadMap(getenv(mapserv->request->ParamValues[i]), NULL);
- else
+ else {
+ /* by here we know the request isn't for something in an environment variable */
+ if(getenv("MS_MAP_NO_PATH")) {
+ msSetError(MS_WEBERR, "Mapfile not found in environment variables and this server is not configured for full paths.", "loadMap()");
+ writeError();
+ }
+
+ if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), mapserv->request->ParamValues[i]) != MS_TRUE) {
+ msSetError(MS_WEBERR, "Parameter 'map' value fails to validate.", "loadMap()");
+ writeError();
+ }
+
+ /* ok to try to load now */
map = msLoadMap(mapserv->request->ParamValues[i], NULL);
+ }
}
if(!map) writeError();
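Review bot: Both new guards on lines 28–36 only take effect if writeError() ends the request; writeError() is defined outside this hunk, and if it returns (or is later changed to), execution falls through to the msLoadMap() call on line 39 with the value that was just rejected. Making the bail-out explicit removes that dependency: `writeError(); return NULL;` after each msSetError(), assuming loadMap() returns the mapObj pointer as the `map = ...` / `if(!map)` lines suggest. It is also worth reading `getenv("MS_MAP_PATTERN")` once into a local instead of calling it twice, and adding a comment above line 33 stating that the pattern is matched against the raw `map` parameter text only, so a suffix-only pattern such as the default `\.map$` constrains the extension and not the directory portion. The enclosing loadMap() starts before this hunk.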
Modified: branches/branch-5-4/mapserver/mapserver.h
===================================================================
--- branches/branch-5-4/mapserver/mapserver.h 2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/mapserver.h 2009-04-01 03:43:01 UTC (rev 8857)
@@ -161,8 +161,10 @@
/* General defines, not wrapable */
#ifndef SWIG
#define MS_DEFAULT_MAPFILE_PATTERN "\\.map$"
-#define MS_TEMPLATE_EXPR "\\.(jsp|asp|cfm|xml|wml|html|htm|shtml|phtml|php|svg|kml|gml|js|tmpl)$"
+#define MS_TEMPLATE_MAGIC_STRING "MapServer Template"
+#define MS_TEMPLATE_EXPR "\\.(xml|wml|html|htm|svg|kml|gml|js|tmpl)$"
+
#define MS_INDEX_EXTENSION ".qix"
#define MS_QUERY_EXTENSION ".qy"
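Review bot: The new MS_TEMPLATE_MAGIC_STRING and the narrowed MS_TEMPLATE_EXPR on lines 52–53 carry no comment describing the contract a maintainer needs before editing either define. I would add above them: `/* A template must contain MS_TEMPLATE_MAGIC_STRING on its first line (see isValidTemplate() in maptemplate.c); MS_TEMPLATE_EXPR lists the filename extensions accepted for templates, server-side script extensions were deliberately dropped. */`. The removed extensions (jsp, asp, cfm, shtml, phtml, php) also deserve a release-note entry, since existing templates using those names stop validating after this change.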
Modified: branches/branch-5-4/mapserver/maptemplate.c
===================================================================
--- branches/branch-5-4/mapserver/maptemplate.c 2009-04-01 03:24:31 UTC (rev 8856)
+++ branches/branch-5-4/mapserver/maptemplate.c 2009-04-01 03:43:01 UTC (rev 8857)
@@ -41,6 +41,20 @@
static char *processLine(mapservObj *mapserv, char *instr, FILE *stream, int mode);
+static int isValidTemplate(FILE *stream, const char *filename)
+{
+ char buffer[MS_BUFFER_LENGTH];
+
+ if(fgets(buffer, MS_BUFFER_LENGTH, stream) != NULL) {
+ if(!msCaseFindSubstring(buffer, MS_TEMPLATE_MAGIC_STRING)) {
+ msSetError(MS_WEBERR, "Missing magic string, %s doesn't look like a MapServer template.", "isValidTemplate()", filename);
+ return MS_FALSE;
+ }
+ }
+
+ return MS_TRUE;
+}
+
/*
* Redirect to (only use in CGI)
*
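Review bot: isValidTemplate() returns MS_TRUE when fgets() on line 67 returns NULL, so an empty template file, or one whose first read fails, passes the magic-string check that every caller in this commit relies on. Folding the read into the test closes the gap: `if(fgets(buffer, MS_BUFFER_LENGTH, stream) == NULL || !msCaseFindSubstring(buffer, MS_TEMPLATE_MAGIC_STRING)) {` with the existing msSetError()/`return MS_FALSE;` body and the outer if removed. Note also that only the first MS_BUFFER_LENGTH-1 bytes of the first line are inspected and consumed, so a magic string further along a long first line is rejected, and callers that keep reading the stream see the remainder of that line as template content; a comment saying the magic string must appear within the first MS_BUFFER_LENGTH-1 bytes of the file would make that contract explicit.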
@@ -1040,6 +1054,11 @@
return MS_FAILURE;
}
+ if(isValidTemplate(includeStream, src) != MS_TRUE) {
+ fclose(includeStream);
+ return MS_FAILURE;
+ }
+
while(fgets(buffer, MS_BUFFER_LENGTH, includeStream) != NULL)
content = msStringConcatenate(content, buffer);
@@ -2867,6 +2886,11 @@
return(NULL);
}
+ if(isValidTemplate(stream, join->header) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
/* echo file to the output buffer, no substitutions */
while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = msStringConcatenate(outbuf, line);
@@ -2878,6 +2902,11 @@
return(NULL);
}
+ if(isValidTemplate(stream, join->template) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
records = MS_TRUE;
}
@@ -2892,6 +2921,7 @@
}
rewind(stream);
+ fgets(line, MS_BUFFER_LENGTH, stream); /* skip the first line since it's the magic string */
} /* next record */
if(records==MS_TRUE && join->footer) {
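Review bot: The fgets() on line 113 that skips the magic-string line discards its return value, and because the skip re-reads the first line after every rewind() it inherits the same line-length limit as isValidTemplate(): if that line is longer than MS_BUFFER_LENGTH-1 bytes, its tail is emitted as template content for each record. At minimum the call should become `if(fgets(line, MS_BUFFER_LENGTH, stream) == NULL) break;` (or whichever failure path the record loop already uses; its head is outside the hunk), and the trailing comment should state that the skip assumes the magic-string line fits in MS_BUFFER_LENGTH. The enclosing function starts and ends outside this hunk.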
@@ -2900,6 +2930,11 @@
return(NULL);
}
+ if(isValidTemplate(stream, join->footer) != MS_TRUE) {
+ fclose(stream);
+ return NULL;
+ }
+
/* echo file to the output buffer, no substitutions */
while(fgets(line, MS_BUFFER_LENGTH, stream) != NULL) outbuf = msStringConcatenate(outbuf, line);
@@ -3443,6 +3478,11 @@
return MS_FAILURE;
}
+ if(isValidTemplate(stream, html) != MS_TRUE) {
+ fclose(stream);
+ return MS_FAILURE;
+ }
+
if(papszBuffer) {
if((*papszBuffer) == NULL) {
(*papszBuffer) = (char *)malloc(MS_TEMPLATE_BUFFER);