
proxy: limit theme value in length and disallow '/'

while with rust strings we cannot inject \0, it feels a bit safer to
enforce some basic restrictions, with length and not containing any
slash seems sensible enough.

Admins should not put sensitive data as theme-XYZ.css files in
/usr/share (which is normally readable by all system users anyway)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2023-03-14 17:54:14 +01:00
parent ee0eaeae63
commit 6b815bc022


@ -96,10 +96,12 @@ fn get_language(headers: &http::HeaderMap) -> String {
fn get_theme(headers: &http::HeaderMap) -> String {
let exists = |t: &str| {
Path::new(&format!(
"/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css"
))
.exists()
t.len() < 32
&& !t.contains('/')
&& Path::new(&format!(
"/usr/share/javascript/proxmox-widget-toolkit/themes/theme-{t}.css"
))
.exists()
};
match cookie_from_header(headers, "PBSThemeCookie") {