From e5579e7b84a98d75e7895066ba19768bb39c40c1 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Sat, 8 May 2021 19:03:35 -0700
Subject: [PATCH] Added SSH input validation.
---
 apprelays.js | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/apprelays.js b/apprelays.js
index 0354d202..cf228f39 100644
--- a/apprelays.js
+++ b/apprelays.js
@@ -302,7 +302,10 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 if (typeof msg.action != 'string') return;
 switch (msg.action) {
 case 'connect': {
- // TODO: Verify inputs
+ // Verify inputs
+ if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
+ if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
+
 obj.termSize = msg;
 obj.username = msg.username;
 obj.password = msg.password;
@@ -310,6 +313,9 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
 break;
 }
 case 'resize': {
+ // Verify inputs
+ if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
+
 obj.termSize = msg;
 if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); }
 break;
@@ -466,7 +472,10 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
 if (typeof msg.action != 'string') return;
 switch (msg.action) {
 case 'sshauth': {
- // TODO: Verify inputs
+ // Verify inputs
+ if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
+ if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
+
 obj.termSize = msg;
 obj.username = msg.username;
 obj.password = msg.password;
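Review bot: The `typeof msg.rows != 'number'` test in the `connect` case of CreateSshRelay still accepts NaN, Infinity, negative and fractional values, because all of them have type 'number'. The accepted values are later passed to `obj.sshShell.setWindow(...)`, as the `resize` hunks show. The same four-field check is repeated in the `resize` case of this function and in the `sshauth` and `resize` cases of CreateSshTerminalRelay, so one shared helper that requires bounded non-negative integers would tighten all four sites and remove the duplication. The upper bound in the sketch is the uint32 width of SSH window-size fields; a tighter project limit may be preferable, and how setWindow treats out-of-range values is not visible in this patch. Both functions start and end outside the hunks.

```javascript
// True only when rows, cols, height and width are all finite, non-negative integers.
// Number.isInteger() rejects NaN, Infinity, fractions and non-number types in one test.
function isValidTermSize(msg) {
    const maxDim = 0xFFFFFFFF; // SSH window-size fields are uint32; consider a smaller practical limit
    return ['rows', 'cols', 'height', 'width'].every(function (k) {
        return Number.isInteger(msg[k]) && (msg[k] >= 0) && (msg[k] <= maxDim);
    });
}

// … unchanged: typeof checks on msg.username / msg.password (connect, sshauth) …
if (!isValidTermSize(msg)) break;
```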
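Review bot: In the `sshauth` case of CreateSshTerminalRelay, `obj.termSize = msg;` keeps a reference to the whole client message after validation. The password and any extra properties the client sent therefore stay reachable through `obj.termSize` as well as `obj.password`. Copying only the four validated fields would avoid that: `obj.termSize = { rows: msg.rows, cols: msg.cols, height: msg.height, width: msg.width };`. The `connect` case of CreateSshRelay and both `resize` cases assign `msg` the same way. Whether `obj.password` is cleared later is not visible in this patch; if it is, the copy held via `obj.termSize` would outlive it.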
@@ -478,6 +487,9 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
 break;
 }
 case 'resize': {
+ // Verify inputs
+ if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
+
 obj.termSize = msg;
 if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); }
 break;