From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [45.144.208.40]) by lore.proxmox.com (Postfix) with ESMTPS id 3B8531FF0E5 for ; Wed, 15 Jul 2026 11:48:32 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id 8976D213ED; Wed, 15 Jul 2026 11:48:31 +0200 (CEST) Date: Wed, 15 Jul 2026 11:48:22 +0200 From: Stoiko Ivanov To: Stefan Hanreich Subject: Re: [PATCH pve-firewall 1/1] fix #7818: disallow line feeds in firewall comments Message-ID: <20260715114753.69626912@rosa.proxmox.com> In-Reply-To: <20260715093432.34437-1-s.hanreich@proxmox.com> References: <20260715093432.34437-1-s.hanreich@proxmox.com> X-Mailer: Claws Mail 4.3.1 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1784108886539 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.292 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) RCVD_IN_DNSWL_LOW -0.7 Sender listed at https://www.dnswl.org/, low trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: OLWF3VNBGX3KUSRDRB6UTOVPMOPMPD6R X-Message-ID-Hash: OLWF3VNBGX3KUSRDRB6UTOVPMOPMPD6R X-MailFrom: s.ivanov@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: pve-devel@lists.proxmox.com X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Thanks for tackling this so quickly! On Wed, 15 Jul 2026 11:34:30 +0200 Stefan Hanreich wrote: > They do not get sanitized and interpreted literally, allowing for > authenticated users to inject additional lines into the firewall > configuration files. > > Signed-off-by: Stefan Hanreich > --- > > Notes: > Did quickly check the other properties as well, but couldn't find > anything. Will take a closer look still but wanted to get the patch > ready in the meanwhile. > > src/PVE/Firewall.pm | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm > index 93f8c34..894a87b 100644 > --- a/src/PVE/Firewall.pm > +++ b/src/PVE/Firewall.pm > @@ -1228,6 +1228,18 @@ sub pve_fw_verify_icmp_type_spec { > return $icmp_type; > } > > +PVE::JSONSchema::register_format('pve-fw-comment-spec', \&pve_fw_verify_comment_spec); > + > +sub pve_fw_verify_comment_spec { > + my ($comment) = @_; > + > + if ($comment =~ m/[\n\r]/) { suggestion: would restrict this here to printable characters and exclude any vertical space: https://perldoc.perl.org/perlunicode#%5Cp%7BPrint%7D https://perldoc.perl.org/perlunicode#%5Cp%7BVertSpace%7D as I'd not expect people to use control-chars in their comments (of course that's breaking backward-compat a bit more) > + die "comment must not contain a line feed\n"; > + } > + > + return $comment; > +} > + > # helper function for API > > sub copy_opject_with_digest { > @@ -1623,6 +1635,7 @@ my $rule_properties = { > description => "Descriptive comment.", > type => 'string', > optional => 1, > + format => 'pve-fw-comment-spec', > }, > 'icmp-type' => { > description =>