luci-proto-wireguard: fix potential shell injection vulnerabilities
authorJo-Philipp Wich <jo@mein.io>
Fri, 8 Oct 2021 18:22:58 +0000 (20:22 +0200)
committerJo-Philipp Wich <jo@mein.io>
Fri, 8 Oct 2021 18:27:13 +0000 (20:27 +0200)
commit44445a8097d05dbcc807c95c5b2c016f1a49a350
treeb5c3f4aff6f62b8b34dc635e08f5980cf29f3c3e
parent21af8a34fdcfd78dc125c7cf9a6372925c074477
luci-proto-wireguard: fix potential shell injection vulnerabilities

The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
protocols/luci-proto-wireguard/root/usr/libexec/rpcd/luci.wireguard