Return the default port if non-numeric characters are set for FTLPORT in pihole-FTL.conf. FTL does the same in such a case and provides the API on 4711.

Signed-off-by: Christian König <ckoenig@posteo.de>
Christian König 2022-09-26 23:40:09 +02:00
parent 25ba68104b
commit 276c480f50
No known key found for this signature in database
2 changed files with 5 additions and 7 deletions


@ -82,16 +82,14 @@ getFTLAPIPort(){
if [ -s "$FTLCONFFILE" ]; then if [ -s "$FTLCONFFILE" ]; then
# if FTLPORT is not set in pihole-FTL.conf, use the default port # if FTLPORT is not set in pihole-FTL.conf, use the default port
ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)" ftl_api_port="$({ grep '^FTLPORT=' "${FTLCONFFILE}" || echo "${DEFAULT_FTL_PORT}"; } | cut -d'=' -f2-)"
# Exploit prevention: unset the variable if there is malicious content # Exploit prevention: set the port to the default port if there is malicious (non-numeric)
# Verify that the value read from the file is numeric # content set in pihole-FTL.conf
expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && unset ftl_api_port expr "${ftl_api_port}" : "[^[:digit:]]" > /dev/null && ftl_api_port="${DEFAULT_FTL_PORT}"
else else
# if there is no pihole-FTL.conf, use the default port # if there is no pihole-FTL.conf, use the default port
ftl_api_port="${DEFAULT_FTL_PORT}" ftl_api_port="${DEFAULT_FTL_PORT}"
fi fi
# If the ftl_api_port contained malicious stuff, substitute with -1
ftl_api_port=${ftl_api_port:=-1}
echo "${ftl_api_port}" echo "${ftl_api_port}"
} }
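Review bot: The digit check on the `expr` line only inspects the first character, because `expr STRING : REGEX` is anchored at the start of the string, so a value with a leading digit followed by other characters (constructed example: `4711abc`) is still echoed unchanged. With the `${ftl_api_port:=-1}` fallback removed, an empty `FTLPORT=` line now also produces an empty string, since the pattern does not match an empty value and nothing replaces it afterwards. A whole-string check covers both cases: `case "${ftl_api_port}" in ''|*[!0-9]*) ftl_api_port="${DEFAULT_FTL_PORT}" ;; esac`. The opening line of getFTLAPIPort is outside the hunk.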


@ -92,7 +92,7 @@ def test_getFTLAPIPort_custom(host):
def test_getFTLAPIPort_malicious(host): def test_getFTLAPIPort_malicious(host):
"""Confirms getFTLAPIPort returns -1 if the setting in pihole-FTL.conf contains non-digits""" """Confirms getFTLAPIPort returns 4711 if the setting in pihole-FTL.conf contains non-digits"""
host.run( host.run(
""" """
echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf echo "FTLPORT=*$ssdfsd" > /etc/pihole/pihole-FTL.conf
@ -104,7 +104,7 @@ def test_getFTLAPIPort_malicious(host):
getFTLAPIPort getFTLAPIPort
""" """
) )
expected_stdout = "-1\n" expected_stdout = "4711\n"
assert expected_stdout == output.stdout assert expected_stdout == output.stdout
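Review bot: The malicious-value test only covers a setting whose first character is a non-digit, so it would still pass if the validation looked at nothing but that first character. Inside the double-quoted `echo`, `$ssdfsd` is presumably expanded by the shell to an empty string, leaving `FTLPORT=*` in the file; single quotes would keep the literal value. Consider adding cases for a value with leading digits followed by other characters (constructed example: `FTLPORT=4711abc`) and for an empty `FTLPORT=`, both expecting `4711\n`. The part of the test body between the two hunks is not visible here.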