security update (prototype pollution prevention)

sebhildebrandt · Nov 25, 2020 · 11103a4 · 11103a4
1 parent 73dce8d
commit 11103a4
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/lib/internet.js b/lib/internet.js
@@ -35,14 +35,14 @@ function inetChecksite(url, callback) {
     process.nextTick(() => {
       let urlSanitized = '';
       const s = util.sanitizeShellString(url);
-      for (i = 0; i <= 2000; i++) {
+      for (let i = 0; i <= 2000; i++) {
         if (!(s[i] === undefined ||
           s[i] === ' ' ||
           s[i] === '{' ||
           s[i] === '}')) {
           const sl = s[i].toLowerCase();
           if (sl[0] && !sl[1]) {
-            urlSanitized = urlSanitized + sl[i];
+            urlSanitized = urlSanitized + sl[0];
           }
         }
       }

diff --git a/lib/network.js b/lib/network.js
@@ -1134,13 +1134,13 @@ function networkStatsSingle(iface) {
                   // skip header line
                   // use the second line because it is tied to the NIC instead of the ipv4 or ipv6 address
                   stats = lines[1].replace(/ +/g, ' ').split(' ');
-                  rx_bytes = parseInt(stats[6]);
-                  rx_dropped = parseInt(stats[11]);
-                  rx_errors = parseInt(stats[5]);
-                  tx_bytes = parseInt(stats[9]);
-                  tx_dropped = parseInt(stats[11]);
-                  tx_errors = parseInt(stats[8]);
-
+                  const offset = stats.length > 11 ? 1 : 0;
+                  rx_bytes = parseInt(stats[offset + 5]);
+                  rx_dropped = parseInt(stats[offset + 10]);
+                  rx_errors = parseInt(stats[offset + 4]);
+                  tx_bytes = parseInt(stats[offset + 8]);
+                  tx_dropped = parseInt(stats[offset + 10]);
+                  tx_errors = parseInt(stats[offset + 7]);
                   result = calcNetworkSpeed(ifaceSanitized, rx_bytes, tx_bytes, result.operstate, rx_dropped, rx_errors, tx_dropped, tx_errors);
                 }
               }

diff --git a/lib/util.js b/lib/util.js
@@ -492,7 +492,7 @@ function countLines(lines, startingWith) {
 function sanitizeShellString(str) {
   const s = str || '';
   let result = '';
-  for (i = 0; i <= 2000; i++) {
+  for (let i = 0; i <= 2000; i++) {
     if (!(s[i] === undefined ||
       s[i] === '>' ||
       s[i] === '<' ||
@@ -520,15 +520,15 @@ function sanitizeShellString(str) {
 }
 
 function isPrototypePolluted() {
-  s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+  const s = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
   let notPolluted = true;
   let st = '';
   notPolluted = notPolluted || !(s.length === 62)
   const ms = Date.now();
   if (typeof ms === 'number' && ms > 1600000000000) {
     const l = ms % 100 + 15;
     let c = 0;
-    for (i = 0; i < l; i++) {
+    for (let i = 0; i < l; i++) {
       const r = Math.random() * 61.99999999 + 1;
       const rs = parseInt(Math.floor(r).toString(), 10)
       const rs2 = parseInt(r.toString().split('.')[0], 10);
@@ -561,7 +561,7 @@ function isPrototypePolluted() {
     // lower
     const stl = st.toLowerCase();
     notPolluted = notPolluted && (stl.length === l) && stl[l - 1] && !(stl[l])
-    for (i = 0; i < l; i++) {
+    for (let i = 0; i < l; i++) {
       const s1 = st[i];
       const s2 = stl[i];
       const s1l = s1.toLowerCase();