From e966cfea23740e36f94c359506e7412da38af4fd Mon Sep 17 00:00:00 2001 From: Manuel Munz Date: Wed, 16 Oct 2013 19:48:23 +0000 Subject: [PATCH] applications/luci-splash: Add a filter for arguments, only allow valid mac and ip addresses --- .../luci-splash/root/usr/sbin/luci-splash | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/applications/luci-splash/root/usr/sbin/luci-splash b/applications/luci-splash/root/usr/sbin/luci-splash index de5332330..a7954211b 100755 --- a/applications/luci-splash/root/usr/sbin/luci-splash +++ b/applications/luci-splash/root/usr/sbin/luci-splash @@ -106,6 +106,26 @@ function get_filter_handle(parent, direction, device, mac) return handle end +function macvalid(mac) + if mac and mac:match( + "^[a-fA-F0-9][a-fA-F0-9]:[a-fA-F0-9][a-fA-F0-9]:" .. + "[a-fA-F0-9][a-fA-F0-9]:[a-fA-F0-9][a-fA-F0-9]:" .. + "[a-fA-F0-9][a-fA-F0-9]:[a-fA-F0-9][a-fA-F0-9]$" + ) then + return true + end + + return false +end + +function ipvalid(ipaddr) + if ipaddr then + return ip.IPv4(ipaddr) and true or false + end + + return false +end + function main(argv) local cmd = table.remove(argv, 1) local arg = argv[1] @@ -116,6 +136,12 @@ function main(argv) if ( cmd == "lease" or cmd == "add-rules" or cmd == "remove" or cmd == "whitelist" or cmd == "blacklist" or cmd == "status" ) and #argv > 0 then + if not (macvalid(arg) or ipvalid(arg)) then + print("Invalid argument. The second argument must " .. + "be a valid IPv4 or Mac Address.") + os.exit(1) + end + lock() local arp_cache = net.arptable() -- 2.25.1