Merge branch 'defuse-binary' into 'develop'

Draft: Fix RCE via erlang.binary_to_term

See merge request pleroma/pleroma!4203
feld 2025-03-21 16:20:21 +00:00
commit ea0196a35e
4 changed files with 5 additions and 4 deletions


@ -0,0 +1 @@
- Fix unsafe cast of database-stored configuration values that could lead to code execution


@ -66,7 +66,7 @@ defmodule Pleroma.Captcha do
with false <- is_nil(answer_data),
{:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
%{at: at, answer_data: answer_md5} <- :erlang.binary_to_term(data) do
%{at: at, answer_data: answer_md5} <- Plug.Crypto.non_executable_binary_to_term(data) do
{:ok, %{at: at, answer_data: answer_md5}}
else
_ -> {:error, :invalid_answer_data}
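Review bot: The `else _ -> {:error, :invalid_answer_data}` clause no longer covers every failure of the decode step, because `Plug.Crypto.non_executable_binary_to_term/2` raises `ArgumentError` when the decoded term contains a function instead of returning a non-matching value, so that path now crashes the caller rather than yielding the tagged error. The payload is authenticated by `MessageEncryptor.decrypt` first, so reaching the raise presumably requires the signing secret, but the function's `{:error, :invalid_answer_data}` contract should still hold. Decoding in a private helper that rescues `ArgumentError` keeps the `with` fall-through intact and also allows passing `[:safe]` so the step creates no new atoms. The enclosing function starts above the hunk.

```elixir
     {:ok, %{at: at, answer_data: answer_md5}} <- decode_answer(data) do
  # … unchanged: {:ok, ...} result and else clause …

# Decodes an authenticated captcha payload. Executable terms and unknown atoms
# are rejected; the raise is mapped to `:error` so the `with` above falls through.
defp decode_answer(data) do
  {:ok, Plug.Crypto.non_executable_binary_to_term(data, [:safe])}
rescue
  ArgumentError -> :error
end
```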


@ -11,14 +11,14 @@ defmodule Pleroma.EctoType.Config.BinaryValue do
if String.valid?(value) do
{:ok, value}
else
{:ok, :erlang.binary_to_term(value)}
{:ok, Plug.Crypto.non_executable_binary_to_term(value)}
end
end
def cast(value), do: {:ok, value}
def load(value) when is_binary(value) do
{:ok, :erlang.binary_to_term(value)}
{:ok, Plug.Crypto.non_executable_binary_to_term(value)}
end
def dump(value) do
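Review bot: `cast/1` now raises `ArgumentError` for a binary that decodes to a term holding a function, whereas `Ecto.Type.cast/1` is expected to return `:error` for input it rejects, so such a value surfaces as a crash instead of a changeset error; the clause head `def cast(value) when is_binary(value)` sits above the hunk. Adding `rescue ArgumentError -> :error` before that clause's `end` keeps the rejection inside the Ecto contract. `load/1` reads the stored value, and raising there on data that cannot be decoded is consistent with how it behaved before the change. Note that `non_executable_binary_to_term/1` without `[:safe]` still creates atoms from the input; whether `[:safe]` is viable here depends on whether stored config may reference atoms not yet loaded, which this hunk does not show.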


@ -9,7 +9,7 @@ defmodule Pleroma.Workers.MailerWorker do
def perform(%Job{args: %{"op" => "email", "encoded_email" => encoded_email, "config" => config}}) do
encoded_email
|> Base.decode64!()
|> :erlang.binary_to_term()
|> Plug.Crypto.non_executable_binary_to_term()
|> Pleroma.Emails.Mailer.deliver(config)
end
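Review bot: Nothing in the hunk records where `encoded_email` is produced or why it is a serialized term, which is what a reader needs to judge the trust boundary of this decode; a one-line comment above the pipeline such as `# encoded_email is term_to_binary output produced by this application; non_executable_binary_to_term still rejects any embedded function` would capture that. If the decoded term is rejected the pipeline raises `ArgumentError`, which presumably makes Oban record the job as failed and retry it until its attempts are exhausted; that is likely acceptable for a payload that can never decode, but worth confirming against the worker's retry settings. `perform/1` begins at the hunk's first line and ends at its last.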