From 11103a447ab9550c25f1fbec7e6d903720b3fea8 Mon Sep 17 00:00:00 2001
From: Sebastian Hildebrandt
Date: Wed, 25 Nov 2020 06:58:06 +0100
Subject: [PATCH] security update (prototype pollution prevention)
---
 lib/internet.js | 4 ++--
 lib/network.js | 14 +++++++-------
 lib/util.js | 8 ++++----
 3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/lib/internet.js b/lib/internet.js
index c25f2bb9..9f8ef333 100644
--- a/lib/internet.js
+++ b/lib/internet.js
@@ -35,14 +35,14 @@ function inetChecksite(url, callback) {
 process.nextTick(() => {
 let urlSanitized = '';
 const s = util.sanitizeShellString(url);
- for (i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= 2000; i++) {
 if (!(s[i] === undefined ||
 s[i] === ' ' ||
 s[i] === '{' ||
 s[i] === '}')) {
 const sl = s[i].toLowerCase();
 if (sl[0] && !sl[1]) {
- urlSanitized = urlSanitized + sl[i];
+ urlSanitized = urlSanitized + sl[0];
 }
 }
 }
diff --git a/lib/network.js b/lib/network.js
index 4c5190d6..c9693987 100644
--- a/lib/network.js
+++ b/lib/network.js
@@ -1134,13 +1134,13 @@ function networkStatsSingle(iface) {
 // skip header line
 // use the second line because it is tied to the NIC instead of the ipv4 or ipv6 address
 stats = lines[1].replace(/ +/g, ' ').split(' ');
- rx_bytes = parseInt(stats[6]);
- rx_dropped = parseInt(stats[11]);
- rx_errors = parseInt(stats[5]);
- tx_bytes = parseInt(stats[9]);
- tx_dropped = parseInt(stats[11]);
- tx_errors = parseInt(stats[8]);
-
+ const offset = stats.length > 11 ? 1 : 0;
+ rx_bytes = parseInt(stats[offset + 5]);
+ rx_dropped = parseInt(stats[offset + 10]);
+ rx_errors = parseInt(stats[offset + 4]);
+ tx_bytes = parseInt(stats[offset + 8]);
+ tx_dropped = parseInt(stats[offset + 10]);
+ tx_errors = parseInt(stats[offset + 7]);
 result = calcNetworkSpeed(ifaceSanitized, rx_bytes, tx_bytes, result.operstate, rx_dropped, rx_errors, tx_dropped, tx_errors);
 }
 }
diff --git a/lib/util.js b/lib/util.js
index 5f13173b..facf1ecb 100644
--- a/lib/util.js
+++ b/lib/util.js
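Review bot: The rewritten loop in inetChecksite still keeps only characters whose lowercase form is a single UTF-16 unit, because `if (sl[0] && !sl[1])` rejects anything longer (`'İ'.toLowerCase()` is two code units), so such characters vanish from urlSanitized without a trace. That is probably fine for a sanitizer, but it is not obvious from the code; a comment above the check, e.g. `// keep only chars whose lowercase form is one UTF-16 unit; others (e.g. 'İ') are dropped`, would save the next reader a detour. The hard-coded 2000 bound is duplicated in sanitizeShellString in lib/util.js within this same patch, and a shared constant would keep the two limits from drifting apart. inetChecksite's body starts and ends outside the hunk.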
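Review bot: All six new `parseInt(stats[offset + N])` calls omit the radix; `parseInt(stats[offset + 5], 10)` is the safe form, and checking the results with Number.isNaN would surface a column layout the heuristic does not cover instead of feeding NaN into calcNetworkSpeed. The heuristic itself, `const offset = stats.length > 11 ? 1 : 0;`, keys on the column count of the parsed line without saying which output layout has the extra column — a short comment naming that layout would help whoever next touches these indices. rx_dropped and tx_dropped both read `stats[offset + 10]`, exactly as the removed lines both read `stats[11]`; if that is intentional, a comment saying so would stop it being "fixed" later, and if not it is a copy-paste slip worth checking. networkStatsSingle's body starts and ends outside the hunk.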
@@ -492,7 +492,7 @@ function countLines(lines, startingWith) {
 function sanitizeShellString(str) {
 const s = str || '';
 let result = '';
- for (i = 0; i <= 2000; i++) {
+ for (let i = 0; i <= 2000; i++) {
 if (!(s[i] === undefined ||
 s[i] === '>' ||
 s[i] === '<' ||
@@ -520,7 +520,7 @@ function sanitizeShellString(str) {
 }
 function isPrototypePolluted() {
- s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+ const s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
 let notPolluted = true;
 let st = '';
 notPolluted = notPolluted || !(s.length === 62)
@@ -528,7 +528,7 @@ function isPrototypePolluted() {
 if (typeof ms === 'number' && ms > 1600000000000) {
 const l = ms % 100 + 15;
 let c = 0;
- for (i = 0; i < l; i++) {
+ for (let i = 0; i < l; i++) {
 const r = Math.random() * 61.99999999 + 1;
 const rs = parseInt(Math.floor(r).toString(), 10)
 const rs2 = parseInt(r.toString().split('.')[0], 10);
@@ -561,7 +561,7 @@ function isPrototypePolluted() {
 // lower
 const stl = st.toLowerCase();
 notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l])
- for (i = 0; i < l; i++) {
+ for (let i = 0; i < l; i++) {
 const s1 = st[i];
 const s2 = stl[i];
 const s1l = s1.toLowerCase();
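Review bot: `const s = str || '';` at the top of sanitizeShellString only substitutes for falsy input, so a non-string argument (an array, for instance) reaches the new `for (let i ...)` loop unchanged, and `s[i]` is then a whole element rather than one character, which the single-character comparisons that follow cannot reject; whether such an element ends up in `result` depends on the loop body below the hunk. Since this is the shell-argument sanitizer that lib/internet.js relies on in the same patch, pinning the type is cheap insurance: `const s = typeof str === 'string' ? str : '';`. sanitizeShellString's body continues outside the hunk.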
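Review bot: The last context line of the isPrototypePolluted hunk, `notPolluted = notPolluted || !(s.length === 62)`, can never change notPolluted: it is initialised to `true` two lines earlier and `true || x` is always `true`, so the alphabet-length check on the newly declared `const s` is dead code. The later checks in the same function combine with `&&` (see the `@@ -561` hunk), so this reads like a typo; `notPolluted = notPolluted && (s.length === 62);` would make the check effective. The new `const s = '...'` line also drops the trailing semicolon that the surrounding lines use. isPrototypePolluted's body continues outside the hunk.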