Merge pull request hestiacp#288 from 0x0d/master

Security vulnerabilities fix

Author: serghey-rodin

src/v-check-user-password.c

@@ -45,10 +45,16 @@ int main (int argc, char** argv) {
     /* open log file */
     FILE* pFile = fopen ("/usr/local/vesta/log/auth.log","a+");
     if (NULL == pFile) {
-        printf("Error: can not open file %s \n", argv[0]);
+        printf("Error: can not open file /usr/local/vesta/log/auth.log \n");
         exit(12);
     }
 
+    int len = 0;
+    if(strlen(argv[1]) >= 100) {
+        printf("Too long username\n");
+        exit(1);
+    }
+
     /* parse user argument */
     struct passwd* userinfo = getpwnam(argv[1]);
     if (NULL != userinfo) {

web/api/index.php

@@ -14,10 +14,11 @@
 
         $v_user = escapeshellarg($_POST['user']);
         $v_password = escapeshellarg($_POST['password']);
-        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
+        $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
+        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'",  $output, $auth_code);
     } else {
         $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
-        if (file_exists($key)) {
+        if (file_exists($key) && is_file($key)) {
             $auth_code = '0';
         }
     }