sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

s3 swat: Fix possible XSS attack (bug #8289)

Browse Source 
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
This commit is contained in:
Kai Blin 2011-07-07 10:03:33 +02:00 committed by Jeremy Allison
parent 78b54e9ee1
commit dc50cf38c1
1 changed files with 2 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source3/web/swat.c
View File

@ -1133,11 +1133,9 @@ static void chg_passwd(void)
if(cgi_variable(CHG_S_PASSWD_FLAG)) {
printf("<p>");
if (rslt == True) {
printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
printf("\n");
printf("%s\n", _(" The passwd has been changed."));
} else {
printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
printf("\n");
printf("%s\n", _(" The passwd for has NOT been changed."));
}
}
@ -1151,14 +1149,6 @@ static void passwd_page(void)
{
const char *new_name = cgi_user_name();
/*
* After the first time through here be nice. If the user
* changed the User box text to another users name, remember it.
*/
if (cgi_variable(SWAT_USER)) {
new_name = cgi_variable_nonull(SWAT_USER);
}
if (!new_name) new_name = "";
printf("<H2>%s</H2>\n", _("Server Password Management"));