- Related to CVE-2025-50975 - Fixes PROT - ruleremark was already escaped when firewall.cgi was initially merged back in Core Update 77. - SRC_PORT, TGT_PORT, dnaport, src_addr & tgt_addr are already validated in the code as ports or port ranges. - std_net_tgt is a string defined in the code and not a variable - The variable key ignores any input that is not a digit and subsequently uses the next free rulenumber digit
Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/firewall.cgi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index 5f1eac09e..20e6a95e4 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2013 Alexander Marx <[email protected]> # +# Copyright (C) 2013-2025 IPFire Team <[email protected]> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -2351,6 +2351,7 @@ sub saverule $fwdfwsettings{'ruleremark'}=~ s/,/;/g; utf8::decode($fwdfwsettings{'ruleremark'}); $fwdfwsettings{'ruleremark'}=&Header::escape($fwdfwsettings{'ruleremark'}); + $fwdfwsettings{'PROT'}=&Header::escape($fwdfwsettings{'PROT'}); if ($fwdfwsettings{'updatefwrule'} ne 'on'){ my $key = &General::findhasharraykey ($hash); $$hash{$key}[0] = $fwdfwsettings{'RULE_ACTION'}; -- 2.51.0
