projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
luci-base: fix possible shell injection in luci.tools.status.switch_status()
[project/luci.git]
/
modules
/
luci-base
/
luasrc
/
tools
/
status.lua
diff --git
a/modules/luci-base/luasrc/tools/status.lua
b/modules/luci-base/luasrc/tools/status.lua
index
b531393
..
1c40387
100644
(file)
--- a/
modules/luci-base/luasrc/tools/status.lua
+++ b/
modules/luci-base/luasrc/tools/status.lua
@@
-4,6
+4,7
@@
module("luci.tools.status", package.seeall)
local uci = require "luci.model.uci".cursor()
module("luci.tools.status", package.seeall)
local uci = require "luci.model.uci".cursor()
+local ipc = require "luci.ip"
local function dhcp_leases_common(family)
local rv = { }
local function dhcp_leases_common(family)
local rv = { }
@@
-31,7
+32,7
@@
local function dhcp_leases_common(family)
if family == 4 and not ip:match(":") then
rv[#rv+1] = {
expires = (expire ~= 0) and os.difftime(expire, os.time()),
if family == 4 and not ip:match(":") then
rv[#rv+1] = {
expires = (expire ~= 0) and os.difftime(expire, os.time()),
- macaddr =
mac
,
+ macaddr =
ipc.checkmac(mac) or "00:00:00:00:00:00"
,
ipaddr = ip,
hostname = (name ~= "*") and name
}
ipaddr = ip,
hostname = (name ~= "*") and name
}
@@
-76,7
+77,7
@@
local function dhcp_leases_common(family)
elseif ip and iaid == "ipv4" and family == 4 then
rv[#rv+1] = {
expires = (expire >= 0) and os.difftime(expire, os.time()),
elseif ip and iaid == "ipv4" and family == 4 then
rv[#rv+1] = {
expires = (expire >= 0) and os.difftime(expire, os.time()),
- macaddr =
duid
,
+ macaddr =
ipc.checkmac(duid:gsub("^(%x%x)(%x%x)(%x%x)(%x%x)(%x%x)(%x%x)$", "%1:%2:%3:%4:%5:%6")) or "00:00:00:00:00:00"
,
ipaddr = ip,
hostname = (name ~= "-") and name
}
ipaddr = ip,
hostname = (name ~= "-") and name
}
@@
-186,7
+187,7
@@
function switch_status(devs)
local switches = { }
for dev in devs:gmatch("[^%s,]+") do
local ports = { }
local switches = { }
for dev in devs:gmatch("[^%s,]+") do
local ports = { }
- local swc = io.popen("swconfig dev
%q show" % dev
, "r")
+ local swc = io.popen("swconfig dev
'%s' show" % dev:gsub("'", "")
, "r")
if swc then
local l
repeat
if swc then
local l
repeat