authorjim-p <jimp@pfsense.org>2016-06-09 10:05:40 -0400
committerjim-p <jimp@pfsense.org>2016-06-09 10:06:33 -0400
commit34bc249ff83cac9df8d7f515a52cc67b04dc38fe (patch)
treecbc4bb0ace4690f9975e3157c7a7e21797038e64
parent6314397f65d1620228599591942054c3704149d6 (diff)
downloadpfsense-34bc249ff83cac9df8d7f515a52cc67b04dc38fe.zip
pfsense-34bc249ff83cac9df8d7f515a52cc67b04dc38fe.tar.gz
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
-rw-r--r--src/etc/inc/auth.inc28
1 files changed, 18 insertions, 10 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 286f606..d0386f0 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -417,7 +417,7 @@ function local_sync_accounts() {
* can cause issues. Just remove crontab before run it when necessary
*/
unlink_if_exists("/var/cron/tabs/{$line[0]}");
- $cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
+ $cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($line[0]);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
}
@@ -441,7 +441,7 @@ function local_sync_accounts() {
if ($line[2] > 65000) {
continue;
}
- $cmd = "/usr/sbin/pw groupdel -g {$line[2]}";
+ $cmd = "/usr/sbin/pw groupdel -g " . escapeshellarg($line[2]);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
}
@@ -549,9 +549,14 @@ function local_user_set(& $user) {
$comment = str_replace(array(":", "!", "@"), " ", $user['descr']);
/* add or mod pw db */
- $cmd = "/usr/sbin/pw {$user_op} -q -u {$user_uid} -n {$user_name}".
- " -g {$user_group} -s {$user_shell} -d {$user_home}".
- " -c ".escapeshellarg($comment)." -H 0 2>&1";
+ $cmd = "/usr/sbin/pw {$user_op} -q " .
+ " -u " . escapeshellarg($user_uid) .
+ " -n " . escapeshellarg($user_name) .
+ " -g " . escapeshellarg($user_group) .
+ " -s " . escapeshellarg($user_shell) .
+ " -d " . escapeshellarg($user_home) .
+ " -c " . escapeshellarg($comment) .
+ " -H 0 2>&1";
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
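Review bot: `$user_op` is now the only value interpolated into the pw command without escapeshellarg, and its origin is outside this hunk; if it is chosen from fixed literals the way `$group_op` is in the later local_group_set hunk that is fine, but a short comment would spare the next reader the lookup, e.g. `/* $user_op is a fixed pw subcommand chosen above, not user-supplied */`. The split `"... -q " . " -u "` also emits a double space between the options, harmless but untidy; dropping the trailing space in the first literal fixes it. local_user_set continues outside the hunk.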
@@ -585,7 +590,7 @@ function local_user_set(& $user) {
}
$un = $lock_account ? "" : "un";
- exec("/usr/sbin/pw {$un}lock {$user_name} -q 2>/dev/null");
+ exec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null");
conf_mount_ro();
}
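Review bot: The rewritten exec() call still discards the exit status of `pw {$un}lock`, so a failed attempt to lock a disabled account passes silently, while the other pw invocations in this file go through `$cmd` with a debug log and mwexec(), which the local_group_set hunk shows returning a status usable as `== 0`. Consider `$rc = mwexec("/usr/sbin/pw {$un}lock " . escapeshellarg($user_name) . " -q 2>/dev/null"); if ($rc != 0) { log_error(sprintf(gettext("Failed to %slock account %s"), $un, $user_name)); }` so a lock that did not take effect is at least visible in the logs. Whether mwexec() is appropriate here depends on its handling of the redirect, which is not shown. The enclosing function starts outside the hunk.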
@@ -613,7 +618,7 @@ function local_user_del($user) {
}
/* delete from pw db */
- $cmd = "/usr/sbin/pw userdel -n {$user['name']} {$rmhome}";
+ $cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . " " . escapeshellarg($rmhome);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
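Review bot: Passing `$rmhome` through escapeshellarg() changes behaviour when it is empty, because escapeshellarg("") yields `''`, which pw userdel then receives as an extra empty positional argument instead of nothing. `$rmhome` is set outside the hunk; if it is the empty string whenever no home directory is to be removed, the call should only append it when set, e.g. `$cmd = "/usr/sbin/pw userdel -n " . escapeshellarg($user['name']) . ($rmhome === "" ? "" : " " . escapeshellarg($rmhome));`. If it always holds a fixed option such as `-r`, a comment saying so would justify the unconditional form. local_user_del continues outside the hunk.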
@@ -761,14 +766,17 @@ function local_group_set($group, $reset = false) {
}
/* determine add or mod */
- if (mwexec("/usr/sbin/pw groupshow -g {$group_gid} 2>&1", true) == 0) {
+ if (mwexec("/usr/sbin/pw groupshow -g " . escapeshellarg($group_gid) . " 2>&1", true) == 0) {
$group_op = "groupmod -l";
} else {
$group_op = "groupadd -n";
}
/* add or mod group db */
- $cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M '{$group_members}' 2>&1";
+ $cmd = "/usr/sbin/pw {$group_op} " .
+ escapeshellarg($group_name) .
+ " -g " . escapeshellarg($group_gid) .
+ " -M " . escapeshellarg($group_members) . " 2>&1";
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));
@@ -781,7 +789,7 @@ function local_group_del($group) {
global $debug;
/* delete from group db */
- $cmd = "/usr/sbin/pw groupdel {$group['name']}";
+ $cmd = "/usr/sbin/pw groupdel " . escapeshellarg($group['name']);
if ($debug) {
log_error(sprintf(gettext("Running: %s"), $cmd));