[Commotion-admin] [luci-commotion] [CLOSED] RCE in add local applications form ‘ipaddr’ parameter (Critical) (#328)

[oti-tech]

<a href="https://github.com/dismantl"><img src="https://avatars.githubusercontent.com/u/2007008?" align="left" width="48" height="48" hspace="10"></img></a> **Comment by [dismantl](https://github.com/dismantl)**
_Monday Oct 14, 2013 at 15:17 GMT_

----

I will add more input sanitizing for now, but in the long term, I imagine my shell call to nc will be replaced by the use of commotiond's (not-yet-implemented) socket library (with corresponding Lua bindings) to perform a connectivity check.

Does that seem reasonable?


---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion/issues/328#issuecomment-46469490
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20140618/4da4afcc/attachment.html>