From ddf2310a1b276978c4b4c2111630b2cf152ba35b Mon Sep 17 00:00:00 2001 From: Asjid Kalam Date: Wed, 9 Sep 2020 15:23:39 +0530 Subject: [PATCH] fixed rce --- ifconfig.js | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/ifconfig.js b/ifconfig.js index 08f9fa7..88c2349 100644 --- a/ifconfig.js +++ b/ifconfig.js @@ -31,7 +31,7 @@ var child_process = require('child_process'); * */ var ifconfig = module.exports = { - exec: child_process.exec, + exec: child_process.execFile, status: status, down: down, up: up @@ -188,11 +188,16 @@ function parse_status_interface(callback) { * */ function status(interface, callback) { + var cmd = ""; if (callback) { - this.exec('ifconfig ' + interface, parse_status_interface(callback)); + cmd = 'ifconfig ' + interface; + cmd = cmd.split(' '); + this.exec(cmd[0], cmd.slice(1), parse_status_interface(callback)); } else { - this.exec('ifconfig -a', parse_status(interface)); + cmd = 'ifconfig -a'; + cmd = cmd.split(' '); + this.exec(cmd[0], cmd.slice(1), parse_status(interface)); } } @@ -214,7 +219,9 @@ function status(interface, callback) { * */ function down(interface, callback) { - return this.exec('ifconfig ' + interface + ' down', callback); + var cmd = 'ifconfig ' + interface + ' down'; + cmd = cmd.split(' '); + return this.exec(cmd[0], cmd.slice(1), callback); } /** @@ -241,9 +248,11 @@ function down(interface, callback) { * */ function up(options, callback) { - return this.exec('ifconfig ' + options.interface + - ' ' + options.ipv4_address + - ' netmask ' + options.ipv4_subnet_mask + - ' broadcast ' + options.ipv4_broadcast + - ' up', callback); + var cmd = 'ifconfig ' + options.interface + + ' ' + options.ipv4_address + + ' netmask ' + options.ipv4_subnet_mask + + ' broadcast ' + options.ipv4_broadcast + + ' up', callback; + cmd = cmd.split(' '); + return this.exec(cmd[0], cmd.slice(1)); }