} // Validate the BOUNCE-TO Alias entries for correct format of their defined values. BOUNCE-TO ADDRESS must be // a valid single IP, and BOUNCE-TO PORT must be either a single port value or a port range value. Provide // detailed error messages for the user that explain any problems. if ($_POST['ftp_client_bounce_to_net'] && $_POST['ftp_client_bounce_to_port']) { if (!snort_is_single_addr_alias($_POST['ftp_client_bounce_to_net'])) { $net = trim(filter_expand_alias($_POST['ftp_client_bounce_to_net'])); $net = preg_replace('/\\s+/', ',', $net); $msg = gettext("The FTP Protocol BOUNCE-TO ADDRESS parameter must be a single IP network or address, "); $msg .= gettext("so the supplied Alias must be defined as a single address or network in CIDR form. "); $msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_net']} ] is currently defined as [ {$net} ]."); $input_errors[] = $msg; } $port = trim(filter_expand_alias($_POST['ftp_client_bounce_to_port'])); $port = preg_replace('/\\s+/', ',', $port); if (!is_port($port) && !is_portrange($port)) { $msg = gettext("The FTP Protocol BOUNCE-TO PORT parameter must be a single port or port-range, "); $msg .= gettext("so the supplied Alias must be defined as a single port or port-range value. "); $msg .= gettext("The Alias [ {$_POST['ftp_client_bounce_to_port']} ] is currently defined as [ {$port} ]."); $input_errors[] = $msg; } } $engine['bounce_to_net'] = $_POST['ftp_client_bounce_to_net']; $engine['bounce_to_port'] = $_POST['ftp_client_bounce_to_port']; $engine['telnet_cmds'] = $_POST['ftp_telnet_cmds'] ? 'yes' : 'no'; $engine['ignore_telnet_erase_cmds'] = $_POST['ftp_ignore_telnet_erase_cmds'] ? 'yes' : 'no'; $engine['bounce'] = $_POST['ftp_client_bounce_detect'] ? 
'yes' : 'no'; $engine['max_resp_len'] = $_POST['ftp_max_resp_len']; /* Can only have one "all" Bind_To address */ if ($engine['bind_to'] == "all" && $engine['name'] != "default") { $input_errors[] = gettext("Only one default FTP Engine can be bound to all addresses.");
/* item is a normal alias type */ $wrongaliases = ""; $desc_fmt_err_found = false; for ($x = 0; $x < 4999; $x++) { if ($_POST["address{$x}"] != "") { $_POST["address{$x}"] = trim($_POST["address{$x}"]); if (is_alias($_POST["address{$x}"])) { if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) { // But alias type network can include alias type urltable. Feature#1603. if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($_POST["address{$x}"])))) { $wrongaliases .= " " . $_POST["address{$x}"]; } } } else { if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"]) && !is_portrange($_POST["address{$x}"])) { $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias."); } } else { if ($_POST['type'] == "host" || $_POST['type'] == "network") { if (is_subnet($_POST["address{$x}"]) || !is_ipaddr($_POST["address{$x}"]) && !is_hostname($_POST["address{$x}"]) && !is_iprange($_POST["address{$x}"])) { $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s alias.'), $_POST["address{$x}"], $_POST['type']); } } } } if (is_iprange($_POST["address{$x}"])) { list($startip, $endip) = explode('-', $_POST["address{$x}"]); $rangesubnets = ip_range_to_subnet_array($startip, $endip); $address = array_merge($address, $rangesubnets); } else {
} } } } // Validate the input data expanded above. foreach ($input_addresses as $idx => $input_address) { if (is_alias($input_address)) { if (!alias_same_type($input_address, $_POST['type'])) { // But alias type network can include alias type urltable. Feature#1603. if (!($_POST['type'] == 'network' && preg_match("/urltable/i", alias_get_type($input_address)))) { $wrongaliases .= " " . $input_address; } } } else { if ($_POST['type'] == "port") { if (!is_port($input_address) && !is_portrange($input_address)) { $input_errors[] = $input_address . " " . gettext("is not a valid port or alias."); } } else { if ($_POST['type'] == "host" || $_POST['type'] == "network") { if (is_subnet($input_address) || !is_ipaddr($input_address) && !is_hostname($input_address)) { $input_errors[] = sprintf(gettext('%1$s is not a valid %2$s address, FQDN or alias.'), $input_address, $_POST['type']); } } } } $tmpaddress = $input_address; if ($_POST['type'] != "host" && is_ipaddr($input_address) && $input_address_subnet[$idx] != "") { if (!is_subnet($input_address . "/" . $input_address_subnet[$idx])) { $input_errors[] = sprintf(gettext('%s/%s is not a valid subnet.'), $input_address, $input_address_subnet[$idx]); } else {
// Strip stray whitespace from the three port fields in place; the validation
// below and the later save of the submitted form both read the trimmed value.
foreach (['sourceport', 'dstport', 'natport'] as $portField) {
    if ($_POST[$portField]) {
        $_POST[$portField] = trim($_POST[$portField]);
    }
}

// Port fields only matter for protocols that carry ports.  A non-empty value
// must be a single port, a port range, or a port alias.  The NAT port is
// exempt when the rule is flagged as "no NAT".  Errors are collected in the
// same order as the fields appear on the form.
if ($protocol_uses_ports) {
    $portMessages = [
        'sourceport' => gettext("A valid port or port alias must be supplied for the source port entry."),
        'dstport'    => gettext("A valid port or port alias must be supplied for the destination port entry."),
        'natport'    => gettext("A valid port must be supplied for the NAT port entry."),
    ];
    foreach ($portMessages as $portField => $message) {
        $value = $_POST[$portField];
        if ($value == "") {
            continue;
        }
        if (is_portoralias($value) || is_portrange($value)) {
            continue;
        }
        if ($portField == 'natport' && isset($_POST['nonat'])) {
            continue;
        }
        $input_errors[] = $message;
    }
}

// The source address is only free-form when the selected type is neither
// "any" nor the firewall itself; "any" typed into the field is tolerated.
$sourceType = $_POST['source_type'];
if ($sourceType != "any" && $sourceType != "(self)") {
    $source = $_POST['source'];
    if ($source && !is_ipaddroralias($source) && $source != "any") {
        $input_errors[] = gettext("A valid source must be specified.");
    }
}

// Prefix length for the source network, when one was entered.
$sourceSubnet = $_POST['source_subnet'];
if ($sourceSubnet && !is_numericint($sourceSubnet)) {
    $input_errors[] = gettext("A valid source bit count must be specified.");
}

// The destination field is only consulted when the type is not "any".
if ($_POST['destination_type'] != "any") {
    $destination = $_POST['destination'];
    if ($destination && !is_ipaddroralias($destination)) {
        $input_errors[] = gettext("A valid destination must be specified.");
    }
}
$port = trim(filter_expand_alias($v['bounce_to_port'])); if (!empty($net) && !empty($port) && snort_is_single_addr_alias($v['bounce_to_net']) && (is_port($port) || is_portrange($port))) { $port = preg_replace('/\\s+/', ',', $port); // Change port range delimiter to comma for ftp_telnet client preprocessor if (is_portrange($port)) { $port = str_replace(":", ",", $port); } $buffer .= "\tbounce yes \\\n"; $buffer .= "\tbounce_to { {$net},{$port} }\n"; } else { // One or both of the BOUNCE_TO alias values is not right, // so figure out which and log an appropriate error. if (empty($net) || !snort_is_single_addr_alias($v['bounce_to_net'])) { log_error("[snort] ERROR: illegal value for bounce_to Address Alias [{$v['bounce_to_net']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); } if (empty($port) || !(is_port($port) || is_portrange($port))) { log_error("[snort] ERROR: illegal value for bounce_to Port Alias [{$v['bounce_to_port']}] for FTP client engine [{$v['name']}] ... omitting 'bounce_to' option for this client engine."); } $buffer .= "\tbounce yes\n"; } } else { $buffer .= "\tbounce yes\n"; } } else { $buffer .= "\tbounce no\n"; } // Add this FTP client engine to the master string $ftp_client_engine .= "{$buffer}\n"; } // Trim final trailing newline rtrim($ftp_client_engine);
$desc_fmt_err_found = false; if ($tab == "port") { $alias_type = $tab; } else { $alias_type = "host"; } foreach ($tocheck as $impline) { $implinea = explode(" ", trim($impline), 2); $impip = $implinea[0]; $impdesc = trim($implinea[1]); if (strlen($impdesc) < 200) { if (strpos($impdesc, "||") === false && substr($impdesc, 0, 1) != "|" && substr($impdesc, -1, 1) != "|") { if ($tab == "port") { // Port alias if (!empty($impip)) { if (is_port($impip) || is_portrange($impip)) { $imported_ips[] = $impip; $imported_descs[] = $impdesc; } else { $input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip); } } } else { // IP alias - host or network $iprange_type = is_iprange($impip); if ($iprange_type == 4) { list($startip, $endip) = explode('-', $impip); $rangesubnets = ip_range_to_subnet_array($startip, $endip); $imported_ips = array_merge($imported_ips, $rangesubnets); $rangedescs = array_fill(0, count($rangesubnets), $impdesc); $imported_descs = array_merge($imported_descs, $rangedescs);
if ($_POST['targetip']) { $_POST['targetip'] = trim($_POST['targetip']); } if ($_POST['sourceport']) { $_POST['sourceport'] = trim($_POST['sourceport']); } if ($_POST['dstport']) { $_POST['dstport'] = trim($_POST['dstport']); } if ($_POST['natport']) { $_POST['natport'] = trim($_POST['natport']); } if ($protocol_uses_ports && $_POST['sourceport'] != "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) { $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry."); } if ($protocol_uses_ports && $_POST['dstport'] != "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) { $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry."); } if ($protocol_uses_ports && $_POST['natport'] != "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) { $input_errors[] = gettext("You must supply a valid port for the NAT port entry."); } if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") { if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") { $input_errors[] = gettext("A valid source must be specified."); } } if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) { $input_errors[] = gettext("A valid source bit count must be specified."); } if ($_POST['destination_type'] != "any") { if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
} if ($_POST['type'] == "network") { if (!is_ipaddr($_POST['address'])) { $input_errors[] = "Geçerli bir adres tanımlanmaldır."; } if (!is_numeric($_POST['address_subnet'])) { $input_errors[] = "Geçerli bir subnet bit count tanımlanmalıdır."; } } if ($_POST['type'] == "url") { if (stristr($_POST['address'], "http") == false) { $input_errors[] = "Bu kaynak için geçerli bir URL sağlamanız gerekir."; } } if ($_POST['type'] == "port") { if (!is_port($_POST['address']) && !is_portrange($_POST['address'])) { $input_errors[] = "Lütfen port aralığı içinde geçerlibir port tanımlayınız."; } } /* check for name conflicts */ foreach ($a_aliases as $alias) { if (isset($id) && $a_aliases[$id] && $a_aliases[$id] === $alias) { continue; } if ($alias['name'] == $_POST['name']) { $input_errors[] = "Bu takma isimle bir tanımlama mevcuttur."; break; } } /* check for name interface description conflicts */ foreach ($config['interfaces'] as $interface) {