fixed shell injection in os auth provider
Eugeny committed Oct 5, 2019
1 parent ef385f9 commit 7aa146b
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion ajenti-core/aj/auth.py
Expand Up @@ -5,6 +5,7 @@
import subprocess
import syslog
from jadi import component, service, interface
from six import PY3

import aj
from aj.api.http import BaseHttpHandler
Expand Down Expand Up @@ -99,8 +100,14 @@ class OSAuthenticationProvider(AuthenticationProvider):

def authenticate(self, username, password):
child = None

if PY3:
from shlex import quote
else:
from pipes import quote

try:
child = pexpect.spawn('/bin/sh', ['-c', '/bin/su -c "/bin/echo SUCCESS" - %s' % username], timeout=5)
child = pexpect.spawn('/bin/sh', ['-c', '/bin/su -c "/bin/echo SUCCESS" - %s' % quote(username)], timeout=5)
child.expect('.*:')
child.sendline(password)
result = child.expect(['su: .*', 'SUCCESS'])
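Review bot: Quoting the username closes the injection, but the new spawn line still routes the command through `/bin/sh -c`, which is only safe for as long as `quote()` and the target shell agree; since pexpect.spawn already takes an argv list (the hunk passes one to `/bin/sh`), the shell can be dropped entirely and the PY3/`quote` import block above it goes away: `child = pexpect.spawn('/bin/su', ['-l', '-c', '/bin/echo SUCCESS', '--', username], timeout=5)`. `quote()` also leaves a username that begins with `-` unquoted, so su would parse it as an option rather than a user; the `--` terminator (honoured by util-linux and shadow su — confirm for the platforms Ajenti targets) keeps the value positional, and `-l` stands in for the bare `-` that would otherwise land after `--`. The body of authenticate continues past the hunk, so the rest of the prompt and password handling is not visible here.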
