Gentoo Attachment #127248 for bug #187994

View | Details | Raw Unified
Collapse All | Expand All

(-) awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl (-4 / +4 lines)

Lines 5534-5540	Link Here

	    $QueryString =~ s/&/&amp;/g;

	    $QueryString =~ s/&/&amp;/g;

	$QueryString = CleanFromCSSA($QueryString);

	$QueryString = CleanFromCSSA(&DecodeEncodedString($QueryString));

    # Security test

    # Security test

	if ($QueryString =~ /LogFile=([^&]+)/i)				{ error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }

	if ($QueryString =~ /LogFile=([^&]+)/i)				{ error("Logfile parameter can't be overwritten when AWStats is used from a CGI"); }

Lines 5542-5548	Link Here

	# No update but report by default when run from a browser

	# No update but report by default when run from a browser

	$UpdateStats=($QueryString=~/update=1/i?1:0);

	$UpdateStats=($QueryString=~/update=1/i?1:0);

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&DecodeEncodedString("$1"); }

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize(&DecodeEncodedString("$1")); }

	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }

	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons=&DecodeEncodedString("$1"); }

	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }

	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize(&DecodeEncodedString("$1"),1); }

	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }

	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize(&DecodeEncodedString("$1")); }

Lines 5561-5567	Link Here

	# If migrate

	# If migrate

	if ($QueryString =~ /(^|-|&|&amp;)migrate=([^&]+)/i)	{

	if ($QueryString =~ /(^|-|&|&amp;)migrate=([^&]+)/i)	{

		$MigrateStats=&DecodeEncodedString("$2");

		$MigrateStats=&Sanitize(&DecodeEncodedString("$2"));

		$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;

		$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;

		$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//;		# SiteConfig is used to find config file

		$SiteConfig=$5?$5:'xxx'; $SiteConfig =~ s/^\.//;		# SiteConfig is used to find config file

Lines 5591-5597	Link Here

	# Update with no report by default when run from command line

	# Update with no report by default when run from command line

	$UpdateStats=1;

	$UpdateStats=1;

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig="$1"; }

	if ($QueryString =~ /config=([^&]+)/i)				{ $SiteConfig=&Sanitize("$1"); }

	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }

	if ($QueryString =~ /diricons=([^&]+)/i)			{ $DirIcons="$1"; }

	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1",1); }

	if ($QueryString =~ /pluginmode=([^&]+)/i)			{ $PluginMode=&Sanitize("$1",1); }

	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }

	if ($QueryString =~ /configdir=([^&]+)/i)			{ $DirConfig=&Sanitize("$1"); }

(-) awstats-6.5.orig/wwwroot/cgi-bin/awstats.pl (-1 / +1 lines)

Lines 1131-1137	Link Here

	my $configdir=shift;

	my $configdir=shift;

	my @PossibleConfigDir=();

	my @PossibleConfigDir=();

	if ($configdir) { @PossibleConfigDir=("$configdir"); }

	if ($configdir && $ENV{"AWSTATS_ENABLE_CONFIG_DIR"}) { @PossibleConfigDir=("$configdir"); }

	else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }

	else { @PossibleConfigDir=("$DIR","/etc/awstats","/usr/local/etc/awstats","/etc","/etc/opt/awstats"); }

	# Open config file

	# Open config file

(-) awstats-6.5.orig/tools/awstats_buildstaticpages.pl (-2 / +2 lines)

Lines 75-81	Link Here

# Return:		None

# Return:		None

#------------------------------------------------------------------------------

#------------------------------------------------------------------------------

sub error {

sub error {

	print "Error: $_[0].\n";

	print STDERR "Error: $_[0].\n";

    exit 1;

    exit 1;

Lines 95-101	Link Here

#    		print "$messagestring<br />\n";

#    		print "$messagestring<br />\n";

#    	}

#    	}

#    	else {

#    	else {

	    	print "$messagestring\n";

	    	print STDERR "$messagestring\n";

#    	}

#    	}

#	}

#	}

(-) awstats-6.5.orig/tools/awstats_configure.pl (-1 / +1 lines)

Lines 87-93	Link Here

# error

# error

#-------------------------------------------------------

#-------------------------------------------------------

sub error {

sub error {

	print "Error: $_[0].\n";

	print STDERR "Error: $_[0].\n";

    exit 1;

    exit 1;

(-) awstats-6.5.orig/tools/awstats_exportlib.pl (-2 / +2 lines)

Lines 93-100	Link Here

	my $thirdmessage=shift||"";

	my $thirdmessage=shift||"";

	my $donotshowsetupinfo=shift||0;

	my $donotshowsetupinfo=shift||0;

	if ($Debug) { debug("$message $secondmessage $thirdmessage",1); }

	if ($Debug) { debug("$message $secondmessage $thirdmessage",1); }

	print "$message";

	print STDERR "$message";

	print "\n";

	print STDERR "\n";

	exit 1;

	exit 1;

(-) awstats-6.5.orig/tools/awstats_updateall.pl (-1 / +1 lines)

Lines 36-42	Link Here

# Return:		None

# Return:		None

#------------------------------------------------------------------------------

#------------------------------------------------------------------------------

sub error {

sub error {

	print "Error: $_[0].\n";

	print STDERR "Error: $_[0].\n";

    exit 1;

    exit 1;

#-----------------------------------------------------------------------------

#-----------------------------------------------------------------------------

(-) awstats-6.5.orig/tools/maillogconvert.pl (-1 / +1 lines)

Lines 56-62	Link Here

#-------------------------------------------------------

#-------------------------------------------------------

sub error {

sub error {

	print "Error: $_[0].\n";

	print STDERR "Error: $_[0].\n";

    exit 1;

    exit 1;

(-) awstats-6.5.orig/tools/logresolvemerge.pl (-2 / +2 lines)

Lines 104-110	Link Here

# Return:		None

# Return:		None

#------------------------------------------------------------------------------

#------------------------------------------------------------------------------

sub error {

sub error {

	print "Error: $_[0].\n";

	print STDERR "Error: $_[0].\n";

    exit 1;

    exit 1;

Lines 133-139	Link Here

sub warning {

sub warning {

	my $messagestring=shift;

	my $messagestring=shift;

	if ($Debug) { debug("$messagestring",1); }

	if ($Debug) { debug("$messagestring",1); }

   	print "$messagestring\n";

   	print STDERR "$messagestring\n";

#-----------------------------------------------------------------------------

#-----------------------------------------------------------------------------

Attachment #127248: Fixed awstats-6.5-CVE-2006-2237-CVE-2006-1945.diff for bug #187994