From f19f1d60cab1232e0749d83dc6160db0e1649b11 Mon Sep 17 00:00:00 2001
From: ziirish <ziirish@ziirish.info>
Date: Wed, 27 Jul 2016 13:35:11 +0200
Subject: [PATCH] security: don't trust user input

---
 burpui/misc/backend/burp1.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/burpui/misc/backend/burp1.py b/burpui/misc/backend/burp1.py
index a172b4a0..200c0a87 100644
--- a/burpui/misc/backend/burp1.py
+++ b/burpui/misc/backend/burp1.py
@@ -155,7 +155,7 @@ class Burp(BUIbackend):
             },
         }
         tmpdir = G_TMPDIR
-        if conf:
+        if conf is not None:
             conf.update_defaults(self.defaults)
             conf.default_section('Burp1')
             self.port = conf.safe_get('bport', 'integer')
@@ -348,12 +348,10 @@ class Burp(BUIbackend):
         """See :func:`burpui.misc.backend.interface.BUIbackend.status`"""
         result = []
         try:
-            self.logger.info("query: '{}'".format(query.rstrip()))
+            query = query.rstrip().encode('unicode_escape').decode('utf-8')
+            self.logger.info("query: '{}'".format(query))
             qry = b''
-            if not query.endswith('\n'):  # pragma: no cover
-                qry += '{0}\n'.format(query).encode('utf-8')
-            else:
-                qry += query.encode('utf-8')
+            qry += '{0}\n'.format(query).encode('utf-8')
             sock = socket.socket(self.family, socket.SOCK_STREAM)
             sock.connect((self.host, self.port))
             sock.send(qry)
@@ -374,7 +372,7 @@ class Burp(BUIbackend):
             self.logger.debug('=> {}'.format(result))
             return result
         except socket.error:
-            self.logger.error('Cannot contact burp server at %s:%s', self.host, self.port)
+            self.logger.error('Cannot contact burp server at {0}:{1}'.format(self.host, self.port))
             raise BUIserverException('Cannot contact burp server at {0}:{1}'.format(self.host, self.port))
 
     def get_backup_logs(self, number, client, forward=False, agent=None):
@@ -985,6 +983,9 @@ class Burp(BUIbackend):
         if status not in [0, 2]:
             return None, out
 
+        if not os.path.isdir(tmpdir):
+            return None, 'Nothing to restore'
+
         zip_dir = tmpdir.rstrip(os.sep)
         zip_file = zip_dir + '.zip'
         if os.path.isfile(zip_file):