From 96405cec098dde14f5483db60a98b7b10ed59ceb Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Mon, 10 Mar 2014 21:36:20 -0700
Subject: [PATCH] Fix file read security issue
---
 webalizer/CHANGELOG | 1 +
 webalizer/view_log.cgi | 16 ++++------------
 2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/webalizer/CHANGELOG b/webalizer/CHANGELOG
index 51984049d..cd38b0108 100644
--- a/webalizer/CHANGELOG
+++ b/webalizer/CHANGELOG
@@ -11,3 +11,4 @@ Added support for AWFFull, a drop in Webalizer replacement. It is used by defaul
 ---- Changes since 1.670 ----
 Converted the UI to use the standard Webmin library.
 Converted all code to be perl strict and warnings compliant.
+Fixed a security issue that could allow a user without root access to view any file on the system.
diff --git a/webalizer/view_log.cgi b/webalizer/view_log.cgi
index 795d6c9e4..c5bb4c3d4 100755
--- a/webalizer/view_log.cgi
+++ b/webalizer/view_log.cgi
@@ -30,16 +30,12 @@ $file =~ /\.\./ || $file =~ /\<|\>|\||\0/ && &error($text{'view_efile'});
 my $lconf = &get_log_config($log) || &error($text{'view_elog'}." : $log");
 my $full = $lconf->{'dir'}.$file;
 my $fh;
-open($fh, $full) || &error($text{'view_eopen'}." : $full");
+my $data = &eval_as_unix_user($lconf->{'user'} || 'root',
+ sub { &read_file_contents($full) });
+$data || &error($text{'view_eopen'}." : $full");
 # Display file contents
 if ($full =~ /\.(html|htm)$/i && !$config{'naked'}) {
- my $data = "";
- my $buf;
- while(read($fh, $buf, 1024)) {
- $data .= $buf;
- }
- close($fh);
 $data =~ /(.*)<\/TITLE>/i;
 my $title = $1;
 $data =~ s/^[\000-\377]*<BODY.*>//i;
@@ -64,10 +60,6 @@ else {
 $full =~ /\.(html|htm)$/i ? "text/html" : "text/plain","\n";
 print "\n";
- my $buf;
- while(read($fh, $buf, 1024)) {
- print $buf;
- }
- close($fh);
+ print $data;
 }
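Review bot: The `|| 'root'` fallback in the new `eval_as_unix_user` call leaves the read running as root whenever the log has no `user` set, so for those logs the fix rests on the checks applied to `$file` before this point. The check visible in the hunk header (outside the changed lines) does not stop `..`, because `&&` binds tighter than `||` and `&error` is therefore reached only through the second pattern; parenthesizing the two tests, `($file =~ /\.\./ || $file =~ /\<|\>|\||\0/) && &error($text{'view_efile'});`, makes both fatal. `$data || &error(...)` also reports an empty file, or one whose content is just `0`, as an open failure; if read_file_contents returns undef on failure (its body is not shown), `defined($data) || &error($text{'view_eopen'}." : $full");` keeps the two cases apart. The `if` block at the end of the hunk continues beyond it.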
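Review bot: `print $data;` relies on the whole file having been buffered by the read in the earlier hunk, where the removed loop streamed it in 1024-byte chunks, so a large file under the report directory is now held in memory in full before anything is sent. If that is acceptable for report-sized files, a comment such as `# $data was read in full above as the log's Unix user` would record the trade-off; otherwise a size limit belongs inside the closure passed to eval_as_unix_user. The `else` block begins outside the hunk.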