MyFavMirrors
/
MeshCentral
mirror of https://github.com/Ylianst/MeshCentral.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added SSH input validation.

This commit is contained in:
Ylian Saint-Hilaire 2021-05-08 19:03:35 -07:00
parent 9b85a51f67
commit e5579e7b84
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apprelays.js
View File

@ -302,7 +302,10 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
if (typeof msg.action != 'string') return; if (typeof msg.action != 'string') return;
switch (msg.action) { switch (msg.action) {
case 'connect': { case 'connect': {
// TODO: Verify inputs // Verify inputs
if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
obj.termSize = msg; obj.termSize = msg;
obj.username = msg.username; obj.username = msg.username;
obj.password = msg.password; obj.password = msg.password;
@ -310,6 +313,9 @@ module.exports.CreateSshRelay = function (parent, db, ws, req, args, domain) {
break; break;
} }
case 'resize': { case 'resize': {
// Verify inputs
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
obj.termSize = msg; obj.termSize = msg;
if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); } if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); }
break; break;
@ -466,7 +472,10 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
if (typeof msg.action != 'string') return; if (typeof msg.action != 'string') return;
switch (msg.action) { switch (msg.action) {
case 'sshauth': { case 'sshauth': {
// TODO: Verify inputs // Verify inputs
if ((typeof msg.username != 'string') || (typeof msg.password != 'string')) break;
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
obj.termSize = msg; obj.termSize = msg;
obj.username = msg.username; obj.username = msg.username;
obj.password = msg.password; obj.password = msg.password;
@ -478,6 +487,9 @@ module.exports.CreateSshTerminalRelay = function (parent, db, ws, req, domain, u
break; break;
} }
case 'resize': { case 'resize': {
// Verify inputs
if ((typeof msg.rows != 'number') || (typeof msg.cols != 'number') || (typeof msg.height != 'number') || (typeof msg.width != 'number')) break;
obj.termSize = msg; obj.termSize = msg;
if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); } if (obj.sshShell != null) { obj.sshShell.setWindow(obj.termSize.rows, obj.termSize.cols, obj.termSize.height, obj.termSize.width); }
break; break;