Return default port if non-numeric characters are set in pihole-FTL.conf for FTLPORT. FTL does the same in such a case and provides the API on 4711

Signed-off-by: Christian König <ckoenig@posteo.de>
Christian König 2022-09-26 23:40:09 +02:00
parent 25ba68104b
commit 276c480f50
No known key found for this signature in database
2 changed files with 5 additions and 7 deletions


@ -82,16 +82,14 @@ getFTLAPIPort(){
if [ -s "$FTLCONFFILE" ]; then
# if FTLPORT is not set in pihole-FTL.conf, use the default port
ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
# Exploit prevention: unset the variable if there is malicious content
# Verify that the value read from the file is numeric
expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && unset ftl_api_port
# Exploit prevention: set the port to the default port if there is malicious (non-numeric)
# content set in pihole-FTL.conf
expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
else
# if there is no pihole-FTL.conf, use the default port
ftl_api_port="${DEFAULT_FTL_PORT}"
fi
# If the ftl_api_port contained malicious stuff, substitute with -1
ftl_api_port=${ftl_api_port:=-1}
echo "${ftl_api_port}"
}
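Review bot: The added check `expr "${ftl_api_port}" : "[^[:digit:]]"` only inspects the first character, because expr anchors its pattern at the start of the string, so a value that begins with a digit and carries other characters after it is still echoed unchanged despite the "Exploit prevention" comment. With the `${ftl_api_port:=-1}` fallback removed, an empty `FTLPORT=` now also comes back as an empty string instead of a port. A whole-string test handles both cases, and also a multi-line result if grep matches more than one `FTLPORT=` line: `case "${ftl_api_port}" in ''|*[!0-9]*) ftl_api_port="${DEFAULT_FTL_PORT}" ;; esac`. How callers use the returned port is not visible here, so the impact of a value that slips through should be confirmed against them.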


@ -92,7 +92,7 @@ def test_getFTLAPIPort_custom(host):
def test_getFTLAPIPort_malicious(host):
"""Confirms getFTLAPIPort returns -1 if the setting in pihole-FTL.conf contains non-digits"""
"""Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
host.run(
"""
echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
@ -104,7 +104,7 @@ def test_getFTLAPIPort_malicious(host):
getFTLAPIPort
"""
)
expected_stdout = "-1\n"
expected_stdout = "4711\n"
assert expected_stdout == output.stdout
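Review bot: The malicious-input test only exercises a value whose first character is a non-digit, which is the one shape the shell check is certain to catch. Assuming host.run passes the script to a shell, `$ssdfsd` inside the double-quoted `echo "FTLPORT=*$ssdfsd"` expands to nothing, so the file actually contains `FTLPORT=*`; single quotes would keep the intended text. I would add cases for a value that starts with digits and then has other characters (constructed example: `echo 'FTLPORT=4711abc' > /etc/pihole/pihole-FTL.conf`) and for an empty `FTLPORT=`, each expecting `"4711\n"`, so the validation is pinned for the inputs it is meant to reject.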