projects
/
spider.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix sh/dx/30 problem
[spider.git]
/
perl
/
DXCommandmode.pm
diff --git
a/perl/DXCommandmode.pm
b/perl/DXCommandmode.pm
index 2c49fabe07cb7422ef8536efb981a5fce5c980c5..d2f4a4ff97c549b3b596ce62edf5530cb66d7d11 100644
(file)
--- a/
perl/DXCommandmode.pm
+++ b/
perl/DXCommandmode.pm
@@
-50,6
+50,7
@@
use DXCIDR;
use strict;
use vars qw(%Cache %cmd_cache $errstr %aliases $scriptbase %nothereslug
$maxbadcount $msgpolltime $default_pagelth $cmdimportdir $users $maxusers
use strict;
use vars qw(%Cache %cmd_cache $errstr %aliases $scriptbase %nothereslug
$maxbadcount $msgpolltime $default_pagelth $cmdimportdir $users $maxusers
+ $maxcmdlth
);
%Cache = (); # cache of dynamically loaded routine's mod times
);
%Cache = (); # cache of dynamically loaded routine's mod times
@@
-64,6
+65,8
@@
$cmdimportdir = "$main::root/cmd_import"; # the base directory for importing com
$users = 0; # no of users on this node currently
$maxusers = 0; # max no users on this node for this run
$users = 0; # no of users on this node currently
$maxusers = 0; # max no users on this node for this run
+$maxcmdlth = 512; # max length of incoming cmd line (including the command and any arguments
+
#
# obtain a new connection this is derived from dxchannel
#
#
# obtain a new connection this is derived from dxchannel
#
@@
-534,15
+537,15
@@
sub run_cmd
if ($cmd) {
if ($cmd) {
- # check cmd
- if ($cmd =~ m|^/| || $cmd =~ m|[^-?\w/]|) {
+ # strip out // on command only
+ $cmd =~ s|//+|/|g;
+
+ # check for length of whole command line and any invalid characters
+ if (length $cmdline > $maxcmdlth || $cmd =~ m|\.| || $cmd !~ m|^\w+(?:/\w+){0,1}(?:/\d+)?$|) {
LogDbg('DXCommand', "cmd: $self->{call} - invalid characters in '$cmd'");
LogDbg('DXCommand', "cmd: $self->{call} - invalid characters in '$cmd'");
- return $self->_error_out('e
1');
+ return $self->_error_out('e
40');
}
}
- # strip out // on command only
- $cmd =~ s|//|/|g;
-
my ($path, $fcmd);
dbg("cmd: $cmd") if isdbg('command');
my ($path, $fcmd);
dbg("cmd: $cmd") if isdbg('command');
@@
-1379,7
+1382,7
@@
sub spawn_cmd
no strict 'refs';
# just behave normally if something has set the "one-shot" _nospawn in the channel
no strict 'refs';
# just behave normally if something has set the "one-shot" _nospawn in the channel
- if ($self->{_nospawn}) {
+ if ($self->{_nospawn}
|| $main::is_win == 1
) {
eval { @out = $cmdref->(@$args); };
if ($@) {
DXDebug::dbgprintring(25);
eval { @out = $cmdref->(@$args); };
if ($@) {
DXDebug::dbgprintring(25);