mirror of
https://github.com/openwrt/luci.git
synced 2026-07-15 06:12:12 +04:00
luci-app-openvpn: security fix
- fixed a critical path traversal vulnerability in `luci-app-openvpn`, that allows authenticated users to upload arbitrary files and achieve root code execution. Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
committed by
Florian Eckert
parent
61fbfe65e8
commit
e9ebca7598
@@ -19,7 +19,15 @@ function ovpn_upload()
|
|||||||
local uci = require("luci.model.uci").cursor()
|
local uci = require("luci.model.uci").cursor()
|
||||||
local upload = http.formvalue("ovpn_file")
|
local upload = http.formvalue("ovpn_file")
|
||||||
local name = http.formvalue("instance_name2")
|
local name = http.formvalue("instance_name2")
|
||||||
|
|
||||||
local basedir = "/etc/openvpn"
|
local basedir = "/etc/openvpn"
|
||||||
|
-- SECURITY FIX: Validate instance_name2 to prevent path traversal
|
||||||
|
-- Allow only alphanumeric, underscore, and hyphen (standard UCI naming)
|
||||||
|
if not name or not name:match("^[a-zA-Z0-9_-]+$") then
|
||||||
|
http.status(400, "Bad Request")
|
||||||
|
http.write("Invalid instance name")
|
||||||
|
return
|
||||||
|
end
|
||||||
local file = basedir.. "/" ..name.. ".ovpn"
|
local file = basedir.. "/" ..name.. ".ovpn"
|
||||||
|
|
||||||
if not fs.stat(basedir) then
|
if not fs.stat(basedir) then
|
||||||
|
|||||||
Reference in New Issue
Block a user