• Re: filter_nnrpd.pl - critical

    From Billy G.@21:1/5 to Billy G. on Mon Aug 4 23:55:42 2025
    On 04.08.25 18:03, Billy G. wrote:
    this file was extracted from i2pn2.org

    but some files are missing :/

    # filter_nnrpd.pl
    #
    # Do any initialization steps.
    #
    use Digest::SHA qw(hmac_sha256_base64 hmac_sha512_base64 sha256_hex ....

    Claude4 says (that's AI):

    Looking at this code,
    I can see several **serious security vulnerabilities**!

    Let me highlight the major issues:
    Yes, there are **multiple serious security vulnerabilities**!

    Here are the critical issues:

    ## 🚨 **CRITICAL SECURITY VULNERABILITIES**

    ### **1. Path Traversal via Message Headers (CRITICAL)**
    ```perl
    $postedfile = "/news/spam/posted/".$hdr{"From"}."-".$hdr{"Message-ID"};
    ```
    - `$hdr{"From"}` and `$hdr{"Message-ID"}` come directly from user input
    - An attacker could set: `From: ../../../etc/passwd`
    - This creates: `/news/spam/posted/../../../etc/passwd-<msgid>`
    - **Impact**: Write to arbitrary files on the system!


    ### **2. Command Injection via Shell Execution (CRITICAL)**
    ```perl
    $rval = `/usr/bin/php /news/spam/bin/checkrate.php $arguments`;
    $spamvalue = `/usr/bin/php /news/spam/bin/i2pn2-spamassassin.php $sa_arguments`;
    ```
    - Variables contain user-controlled data despite escaping
    - The escaping only handles `$` and `"` but misses other shell
    metacharacters
    - **Impact**: Remote command execution!


    ### **3. Weak Temporary File Generation**
    ```perl
    $tempfile = rand(100);
    ```
    - Predictable filenames (0-99)
    - **Impact**: Race conditions, file collision attacks


    ### **4. Unescaped Data in Log Files**
    ```perl
    print $fh "\n " . $note . "by: " . $user . " as " . $hdr{"From"};
    ```
    - User data written directly to logs
    - **Impact**: Log injection, potential log poisoning


    ### **5. Insufficient Input Validation**
    The escaping is incomplete:
    ```perl
    $mid =~ s/([\$"])/\\$1/g; # Only escapes $ and "
    ```
    Missing: `;`, `|`, `&`, `` ` ``, `(`, `)`, `\n`, etc.


    ## 🛠️ **How to Fix These Issues**

    Would you like me to create a secured version that:
    1. Validates and sanitizes all file paths
    2. Uses proper shell escaping or avoids shell calls entirely
    3. Implements secure temporary file generation
    4. Adds comprehensive input validation
    5. Uses prepared statements/safer execution methods

    This code is **extremely dangerous** in its current state and should not
    be deployed without these security fixes!

    --
    .......
    Billy G. (go-while)
    https://pugleaf.net
    @Newsgroup: rocksolid.nodes.help
    irc.pugleaf.net:6697 (SSL) #lounge
    discord: https://discord.gg/rECSbHHFzp

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
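One way to address items 1 to 4 of the list quoted in the post, as an added example that is not part of the original post or of filter_nnrpd.pl. The sub names and sample headers are hypothetical, and `/bin/echo` is an assumed stand-in for the PHP helpers so the block runs on its own.

```perl
# Added example, not code from filter_nnrpd.pl. The directory comes from the
# snippet quoted in the post; sub names and sample headers are constructed.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use File::Temp qw(tempfile);

my $POSTED_DIR = "/news/spam/posted";   # directory from the quoted snippet

# Item 1: never place header text in a path. A hex digest contains only
# [0-9a-f], so "../" or "/" in From or Message-ID cannot leave $POSTED_DIR.
sub posted_path {
    my ($from, $msgid) = @_;
    return "$POSTED_DIR/" . sha256_hex("$from\0$msgid");
}

# Item 2: list-form pipe open runs the program directly with an argv array.
# No shell parses the arguments, so ; | & ` ( ) and newlines stay literal.
sub run_helper {
    my (@cmd) = @_;
    open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    local $/;                            # slurp all output at once
    my $result = <$out>;
    close($out);
    return defined $result ? $result : '';
}

# Item 3: File::Temp picks an unpredictable name and creates it exclusively.
sub new_tempfile {
    return tempfile("nnrpd-XXXXXXXX", TMPDIR => 1, UNLINK => 1);
}

# Item 4: replace control characters before a header value reaches a log line,
# so an embedded newline cannot start a forged log entry.
sub log_safe {
    my ($value) = @_;
    $value =~ s/[\x00-\x1f\x7f]/?/g;
    return $value;
}

# Constructed sample headers with hostile values.
my %hdr = ("From"       => "../../../etc/passwd",
           "Message-ID" => "<x\@example.invalid>; echo injected");
print posted_path($hdr{"From"}, $hdr{"Message-ID"}), "\n";
print run_helper("/bin/echo", $hdr{"Message-ID"});   # argument echoed as data
my ($tfh, $tname) = new_tempfile();
print "temp file: $tname\n";
print log_safe("by: user as $hdr{From}\nforged line"), "\n";
```

Hashing the headers means the stored filename no longer shows the sender; if the readable name matters, an allow-list such as `[A-Za-z0-9._@-]` on each component is the alternative.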