Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2025-12-25 05:05:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check IP addresses read in from dns-server.conf are valid before adding them to the array.

Browse Source 
Fix for CVE-2020-12620

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
This commit is contained in:
Adam Warner
2020-05-03 22:47:33 +01:00
parent d5477c5cfb
commit 6e5bbfb68a
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/pi-hole/php/savesettings.php
View File

@@ -81,7 +81,7 @@ function readStaticLeasesFile($origin_file="/etc/dnsmasq.d/04-pihole-static-dhcp
$dhcp_static_leases = array();
if(!file_exists($origin_file) || !is_readable($origin_file))
return false;
$dhcpstatic = @fopen($origin_file, 'r');
if(!is_resource($dhcpstatic))
return false;
@@ -148,16 +148,16 @@ function readDNSserversList()
$line = explode(';', $line);
$name = $line[0];
$values = [];
if (!empty($line[1])) {
if (!empty($line[1]) && validIP($line[1])) {
$values["v4_1"] = $line[1];
}
if (!empty($line[2])) {
if (!empty($line[2]) && validIP($line[2])) {
$values["v4_2"] = $line[2];
}
if (!empty($line[3])) {
if (!empty($line[3]) && validIP($line[3])) {
$values["v6_1"] = $line[3];
}
if (!empty($line[4])) {
if (!empty($line[4]) && validIP($line[4])) {
$values["v6_2"] = $line[4];
}
$list[$name] = $values;
@@ -202,7 +202,7 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
// Test if this lease is already included
readStaticLeasesFile();
foreach($dhcp_static_leases as $lease) {
if($lease["hwaddr"] === $mac)
{