From 38d0619307385dcda96d963a75526c89aba65ecb Mon Sep 17 00:00:00 2001
From: Andreas Brodmann <andreas.brodmann@gmail.com>
Date: Fri, 9 Nov 2007 09:12:16 +0000
Subject: fixed remote exploit via popen

git-svn-id: svn://svn.alpinelinux.org/acf/dhcp/trunk@289 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 dhcp-controller.lua | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'dhcp-controller.lua')

diff --git a/dhcp-controller.lua b/dhcp-controller.lua
index 671e0b3..35014c4 100644
--- a/dhcp-controller.lua
+++ b/dhcp-controller.lua
@@ -115,7 +115,10 @@ home = function ( self )
 
 	local srvctrl = ""
 	if self.clientdata.srvcmd then
-		srvctrl = self.model.service_control(self.clientdata.srvcmd)
+		srvcmd = self.clientdata.srvcmd
+		if srvcmd == "start" or srvcmd == "stop" or srvcmd == "restart" then
+			srvctrl = self.model.service_control(self.clientdata.srvcmd)
+		end
 	end
 
 	local option = { script = ENV["SCRIPT_NAME"],
-- 
cgit v1.2.3