From 8fc23995b98521adbdaa283d606a5472da23314d Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 28 Dec 2020 23:14:15 -0800 Subject: [PATCH] Added network interface names escaping. --- meshagent.js | 8 ++++++++ meshcentral.js | 12 +++++++++--- meshuser.js | 9 +++++++++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/meshagent.js b/meshagent.js index 560caeee..6f095234 100644 --- a/meshagent.js +++ b/meshagent.js @@ -1164,6 +1164,14 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) { // Check if network information is present if ((command.netif2 == null) && (command.netif == null)) return; + // Escape any field names that have special characters + if (command.netif2 != null) { + for (var i in command.netif2) { + var esc = common.escapeFieldName(i); + if (esc !== i) { command.netif2[esc] = command.netif2[i]; delete command.netif2[i]; } + } + } + // Sent by the agent to update agent network interface information delete command.action; command.updateTime = Date.now(); diff --git a/meshcentral.js b/meshcentral.js index ed3e00f6..cc0ec250 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -733,9 +733,9 @@ function CreateMeshCentralServer(config, args) { if (obj.args.createaccount.startsWith('user/')) { userid = obj.args.createaccount; domainid = obj.args.createaccount.split('/')[1]; } if (userid.split('/').length != 3) { console.log("Invalid userid."); process.exit(); return; } obj.db.Get(userid, function (err, docs) { - if (err != null) { console.log("Database error: " + err); process.exit(); return; } + if (err != null) { console.log("Database error: " + err); process.exit(); return; } if ((docs != null) && (docs.length != 0)) { console.log('User already exists.'); process.exit(); return; } - if ((domainid != '') && ((config.domains == null) || (config.domains[domainid] == null))) { console.log("Invalid domain."); process.exit(); return; } + if ((domainid != '') && ((config.domains == null) || (config.domains[domainid] == null))) { console.log("Invalid domain."); process.exit(); return; } var user = { _id: userid, type: 'user', name: (typeof obj.args.name == 'string') ? obj.args.name : (userid.split('/')[2]), domain: domainid, creation: Math.floor(Date.now() / 1000), links: {} }; if (typeof obj.args.email == 'string') { user.email = obj.args.email; user.emailVerified = true; } require('./pass').hash(obj.args.pass, function (err, salt, hash, tag) { if (err) { console.log("Unable create account password: " + err); process.exit(); return; } user.salt = salt; user.hash = hash; obj.db.Set(user, function () { console.log("Done."); process.exit(); return; }); }, 0); @@ -901,7 +901,13 @@ function CreateMeshCentralServer(config, args) { if (badCharCount > 0) { console.log(badCharCount + ' invalid character(s) where removed.'); } try { json = JSON.parse(json2); } catch (e) { console.log('Invalid JSON format: ' + obj.args.dbimport + ': ' + e); process.exit(); } if ((json == null) || (typeof json.length != 'number') || (json.length < 1)) { console.log('Invalid JSON format: ' + obj.args.dbimport + '.'); } - for (i in json) { if ((json[i].type == "mesh") && (json[i].links != null)) { for (var j in json[i].links) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].links[esc] = json[i].links[j]; delete json[i].links[j]; } } } } // Escape MongoDB invalid field chars + // Escape MongoDB invalid field chars + for (i in json) { + var doc = json[i]; + for (var j in doc) { if (j.indexOf('.') >= 0) { console.log("Invalid field name (" + j + ") in document: " + json[i]); return; } } + if ((json[i].type == "ifinfo") && (json[i].netif2 != null)) { for (var j in json[i].netif2) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].netif2[esc] = json[i].netif2[j]; delete json[i].netif2[j]; } } } + if ((json[i].type == "mesh") && (json[i].links != null)) { for (var j in json[i].links) { var esc = obj.common.escapeFieldName(j); if (esc !== j) { json[i].links[esc] = json[i].links[j]; delete json[i].links[j]; } } } + } //for (i in json) { if ((json[i].type == "node") && (json[i].host != null)) { json[i].rname = json[i].host; delete json[i].host; } } // DEBUG: Change host to rname setTimeout(function () { // If the Mongo database is being created for the first time, there is a race condition here. This will get around it. obj.db.RemoveAll(function () { diff --git a/meshuser.js b/meshuser.js index e13c0266..c2d2cc4d 100644 --- a/meshuser.js +++ b/meshuser.js @@ -3857,6 +3857,15 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use db.Get('if' + node._id, function (err, netinfos) { if ((netinfos == null) || (netinfos.length != 1)) { try { ws.send(JSON.stringify({ action: 'getnetworkinfo', nodeid: node._id, netif: null, netif2: null })); } catch (ex) { } return; } var netinfo = netinfos[0]; + + // Unescape any field names that have special characters if needed + if (netinfo.netif2 != null) { + for (var i in netinfo.netif2) { + var esc = common.unEscapeFieldName(i); + if (esc !== i) { netinfo.netif2[esc] = netinfo.netif2[i]; delete netinfo.netif2[i]; } + } + } + try { ws.send(JSON.stringify({ action: 'getnetworkinfo', nodeid: node._id, updateTime: netinfo.updateTime, netif: netinfo.netif, netif2: netinfo.netif2 })); } catch (ex) { } }); });