From cdb5304d2217c2c91a7126acee54f6883bb6de4f Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 7 Apr 2016 21:21:26 +0200
Subject: [PATCH] (legacy) cleanup and validate url alias download, closes
 https://github.com/opnsense/core/issues/877

---
 src/etc/rc.update_alias_url_data | 29 ++++++++---------------------
 1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/src/etc/rc.update_alias_url_data b/src/etc/rc.update_alias_url_data
index 13cdf3bc3..332da1222 100755
--- a/src/etc/rc.update_alias_url_data
+++ b/src/etc/rc.update_alias_url_data
@@ -30,6 +30,7 @@ require_once("config.inc");
 require_once("util.inc");
 require_once("pfsense-utils.inc");
 
+
 function update_alias_url_data()
 {
     global $config;
@@ -43,8 +44,7 @@ function update_alias_url_data()
                 continue;
             }
 
-            $address = "";
-            $isfirst = 0;
+            $address_list = array();
             foreach ($alias['aliasurl'] as $alias_url) {
                 /* fetch down and add in */
                 $temp_filename = tempnam('/tmp/', 'alias_import');
@@ -52,17 +52,6 @@ function update_alias_url_data()
                 $verify_ssl = isset($config['system']['checkaliasesurlcert']);
                 mkdir($temp_filename);
                 download_file($alias_url, $temp_filename . "/aliases", $verify_ssl);
-
-                /* if the item is tar gzipped then extract */
-                if (stripos($alias_url, '.tgz')) {
-                    if (!process_alias_tgz($temp_filename)) {
-                        continue;
-                    }
-                } elseif (stripos($alias_url, '.zip')) {
-                    if (!process_alias_unzip($temp_filename)) {
-                        continue;
-                    }
-                }
                 if (file_exists("{$temp_filename}/aliases")) {
                     $fd = @fopen("{$temp_filename}/aliases", 'r');
                     if (!$fd) {
@@ -79,19 +68,18 @@ function update_alias_url_data()
                         if (!empty($tmp_str)) {
                             $tmp = $tmp_str;
                         }
-                        if ($isfirst == 1) {
-                            $address .= ' ';
+                        // validate address, it should either be an address or a subnet and must be unique
+                        if ((is_ipaddr($tmp) || is_subnet($tmp)) && !in_array($tmp, $address_list)) {
+                            $address_list[] = $tmp;
                         }
-                        $address .= $tmp;
-                        $isfirst = 1;
                     }
                     fclose($fd);
                     mwexec("/bin/rm -rf {$temp_filename}");
                 }
             }
-            if (!empty($address)) {
-              $config['aliases']['alias'][$x]['address'] = $address;
-              $updated = true;
+            if (count($address_list) > 0) {
+                $config['aliases']['alias'][$x]['address'] = implode(" ", $address_list);
+                $updated = true;
             }
         }
     }
@@ -101,7 +89,6 @@ function update_alias_url_data()
     return $updated;
 }
 
-
 if (update_alias_url_data()) {
     write_config();
     configd_run("filter reload");