Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
0
Replies

Firmware bug: $CCERT must not be used in Report_Rule

Dan Lukes
VIP Alumni
VIP Alumni

‎04-29-2015 02:53 AM - edited ‎03-21-2019 08:37 AM

Prolog

"Report Rule" can be configured with URL's used to save phone's current configuration. Starting with 7.5.2b firmware it is possible to configure more than one URL here. The semi-colon has been used as separator. It caused issues because semi-colon can be used in casual URL, so the separator has been changed to space in 7.5.5 (see Bug in Report_Rule parsing (SPA50x, fw 7.5.x) for more)

As of 7.5.7 firmware, the 2048 certificates has been introduced and value of $CCERT variable may contain text "Installed (2048 bits)". It cause other issue related to Report Rule parsing.

Issue & how to repeat

$CCERT can be used on "Report Rule" no longer because of wrong parsing order.

The author of firmware first call variable expansion for complete "Report Rule" string, then split the result by space in attempt to found second URL.

With Report Rule configured to https://test.local/Report.php?Product=$PN&CERT=$CCERT it is parsed to:

first_rule is https://test.local/Cisco/Report.php?Product=SPA508G&CERT=Installed, second_rule is (2048 bits)

It is wrong result. In advance, it reveal the characters inserted into URL by variable expansion are not escaped properly.

How to fix

The order of parsing steps needs to be reversed. Report Rule need to be split  into parts first, then variable expansion should be called for both parts independently. Also, strings expanded from variables should be url-encoded properly.

Disclaimer

I will not call SMB support to report this bug to them. Assuming the Cisco is interested to repair firmware bugs a staff member monitoring this forum will create ticked by self. I wish that all relevant information including the depth-in analysis has been disclosed here. I'm ready to provide further details or create test environment if necessary. I'm just not willing to call the Support center as I'm not willing to explain all those complex things described here by phone (and they doesn't accept written reports).

For those non-Cisco-staff users affected by issue - feel free to report the issue to Support center, if you are willing to do it. You are allowed to use information disclosed here, or just refer to this report. I don't care the authorship.

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents