1From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001 2From: Changqing Li <changqing.li@windriver.com> 3Date: Wed, 4 Jan 2023 14:23:34 +0800 4Subject: [PATCH] [DEV-2283] added validation of the scheduled report 5 generation URL to zabbix-web-service 6 7Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867] 8CVE: CVE-2022-46768 9 10Signed-off-by: Changqing Li <changqing.li@windriver.com> 11--- 12 .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++ 13 1 file changed, 18 insertions(+) 14 15diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go 16index 391b58b..8452a3d 100644 17--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go 18+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go 19@@ -29,6 +29,7 @@ import ( 20 "net/http" 21 "net/url" 22 "strconv" 23+ "strings" 24 "time" 25 26 "github.com/chromedp/cdproto/emulation" 27@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) { 28 return 29 } 30 31+ if u.Scheme != "http" && u.Scheme != "https" { 32+ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest) 33+ return 34+ } 35+ 36+ if !strings.HasSuffix(u.Path, "/zabbix.php") { 37+ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest) 38+ return 39+ } 40+ 41+ queryParams := u.Query() 42+ 43+ if queryParams.Get("action") != "dashboard.print" { 44+ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest) 45+ return 46+ } 47+ 48 log.Tracef( 49 "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s", 50 u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr) 51-- 522.25.1 53 54