Bugtraq: Re: Arbitrary code execution in eping plugin

[Jonathan Angliss <jon () netdork net>]

Hello Oliver,
Friday, June 10, 2005, 3:35:41 PM, you wrote:

> the problem is in function eping_validaddr() in functions.php where the
> host is checked if it is valid as the name says...
> But the only check is to see if it is a valid ip adress for eping, here
> is the code:
> --------------8<-----------------------------------------8<-------------------------------------
> function eping_validaddr($eping_hosttocheck)
> {
[..]
> }
> --------------8<-----------------------------------------8<-------------------------------------
> I am sorry but I am a coder and my eyes are bleeding when looking at
> stuff like that so here is my suggestion for replaceing the if-statement:
> if(preg_match("/^[0-9]{2,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?\.[0-9]{1,3}?$/",
> $eping_hosttocheck))
A better solution would be to limit the scope of the regex and use ^
and $ on the regex the original code has in place. I'd personally use:

If (preg_match("/^((25[0-5]|2[0-4][0-9]|1?\d{1,2})\.){3}((25[0-5]|2[0-4][0-9]|1?\d{1,2}))$/", $eping_hosttocheck))

Won't match IPv6 addresses, but neither will the original code, and it
matches IP addresses perfectly I believe.

-- 
Jonathan Angliss
<jon () netdork net>

Attachment: _bin
Description: