From 33673fcd07e515c4ed8a7ffccc913c0b4f6c1b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20S=C3=BCberkr=C3=BCb?=
Date: Sat, 17 Feb 2018 22:35:05 +0100
Subject: [PATCH 1/2] Properly escape password everywhere
---
 src/adb.js | 2 +-
 src/fastboot.js | 10 +++++-----
 src/utils.js | 7 ++++++-
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/adb.js b/src/adb.js
index 06b22b65..6c9e4313 100644
--- a/src/adb.js
+++ b/src/adb.js
@@ -27,7 +27,7 @@ const start = (password, sudo, callback) => {
 stop(err => {
 var cmd="";
 if (utils.needRoot() && sudo)
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += adb + " -P " + PORT + " start-server";
 utils.platfromToolsExecAsar("adb", (platfromToolsExecAsar) => {
 platfromToolsExecAsar.exec(cmd, (c, r, e) => {
diff --git a/src/fastboot.js b/src/fastboot.js
index fe377223..86529ed8 100644
--- a/src/fastboot.js
+++ b/src/fastboot.js
@@ -48,7 +48,7 @@ var waitForDevice = (password, callback) => {
 utils.log.debug("fastboot: wait for device");
 var cmd = "";
 if (utils.needRoot())
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += "fastboot" + " devices";
 var stop;
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
@@ -106,7 +106,7 @@ var flash = (images, callback, password) => {
 var cmd = "";
 images.forEach((image, l) => {
 if (utils.needRoot())
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += "fastboot" + " flash " + image.type + " \"" + path.join(image.path, path.basename(image.url)) + "\"";
 if (l !== images.length - 1)
 cmd += " && "
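Review bot: The password still ends up inside the command text that `start` hands to `platfromToolsExecAsar.exec(cmd, …)`, so quoting it correctly does not keep it out of the shell invocation's arguments, where other local processes may be able to read it while the command runs. If the exec wrapper spawns a shell the way Node's `child_process.exec` does (the wrapper is not visible here), a safer shape is to start `sudo -S` without the password in the string and write the password to the child's stdin. The same applies to every `cmd += utils.sudoCommand(password, "")` site in the fastboot.js hunks of this patch and of the follow-up patch. `start`'s body continues outside the hunk.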
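Review bot: The image path in `flash` is wrapped in double quotes but not escaped, so a `"`, a `$` or a backtick in `image.path` or in `path.basename(image.url)` is still interpreted by the shell, even though the password next to it is now escaped. The `boot` hunk builds its path the same way, and the `format` and `oem` hunks append `partition` and `command` with no quoting at all. If any of these values can come from downloaded metadata or user input (not visible here), quote them with the same single-quote escaping used for the password, or pass them as an argument array to a non-shell exec call. The `forEach` callback continues outside the hunk.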
@@ -135,7 +135,7 @@ image object format
 var boot = (image, password, callback) => {
 var cmd="";
 if (utils.needRoot())
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += "fastboot" + " boot \"" + path.join(image.path, path.basename(image.url)) + "\"";
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
 asarExec.exec(cmd, (c, r, e) => {
@@ -153,7 +153,7 @@ var format = (partitions, password, callback) => {
 var cmd="";
 partitions.forEach((partition, l) => {
 if (utils.needRoot())
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += "fastboot" + " format " + partition;
 if (l !== partitions.length - 1)
 cmd += " && "
@@ -174,7 +174,7 @@ args; array, string, function
 var oem = (command, password, callback) => {
 var cmd="";
 if (utils.needRoot())
- cmd += "echo " + password + " | sudo -S "
+ cmd += utils.sudoCommand(password, "");
 cmd += "fastboot" + " oem " + command;
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
 asarExec.exec(cmd, (c, r, e) => {
diff --git a/src/utils.js b/src/utils.js
index 08438cf1..6e90f939 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -130,6 +130,10 @@ var die = (e) => {
 process.exit(1);
 }
+var sudoCommand = (password, cmd) => {
+ return "echo \'" + password.replace(/\'/g, "'\\''") + "\' | sudo -S " + cmd;
+}
+
 var checkPassword = (password, callback) => {
 if (!needRoot()) {
 log.debug("no root needed")
@@ -137,7 +141,7 @@ var checkPassword = (password, callback) => {
 return;
 }
 log.debug("checking password")
- exec("echo \"" + password.replace(/\"/g, "\\\"") + "\" | sudo -S echo correct", (err, output) => {
+ exec(sudoCommand(password, "echo correct"), (err, output) => {
 if(err){
 if (err.message.includes("incorrect password")) {
 log.debug("incorrect password")
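Review bot: `sudoCommand` calls `password.replace(...)` unconditionally, so a missing or non-string password now throws a TypeError inside the caller, where the removed `"echo " + password` concatenation accepted any value. `flash` takes `password` as its last parameter, which suggests some callers may omit it; that is an inference from the signature only. A guard at the top of the helper, for example `if (typeof password !== "string") throw new TypeError("password must be a string");`, would make the failure explicit. The helper would also benefit from a comment saying that its return value is a shell fragment containing the secret and must not be logged.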
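Review bot: In `checkPassword` the error branch inspects `err.message`, and if `exec` here is Node's `child_process.exec` (its import is outside the hunk) that message is `Command failed:` followed by the full command, which includes the escaped password. Any logging or display of `err` or `err.message` in the part of the callback outside this hunk would therefore expose the password. Taking the callback's third argument (stderr) and matching on that instead, while logging only fixed strings, avoids the exposure. A comment such as `// err.message contains the command line, including the password: never log it` would document the hazard.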
@@ -450,6 +454,7 @@ module.exports = {
 getPlatformTools: getPlatformTools,
 getUbportDir: getUbportDir,
 needRoot: needRoot,
+ sudoCommand: sudoCommand,
 checkPassword: checkPassword,
 debugScreen: debugScreen,
 debugTrigger: debugTrigger,
From 8226804173b99872d16005c6e0f50622cd8dac47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20S=C3=BCberkr=C3=BCb?=
Date: Sat, 17 Feb 2018 23:28:48 +0100
Subject: [PATCH 2/2] Improve sudoCommand helper function
Don't take a parameter for a command to append. Remove unnecessary escaping.
---
 src/adb.js | 2 +-
 src/fastboot.js | 10 +++++-----
 src/utils.js | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/adb.js b/src/adb.js
index 6c9e4313..86ce4fa7 100644
--- a/src/adb.js
+++ b/src/adb.js
@@ -27,7 +27,7 @@ const start = (password, sudo, callback) => {
 stop(err => {
 var cmd="";
 if (utils.needRoot() && sudo)
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += adb + " -P " + PORT + " start-server";
 utils.platfromToolsExecAsar("adb", (platfromToolsExecAsar) => {
 platfromToolsExecAsar.exec(cmd, (c, r, e) => {
diff --git a/src/fastboot.js b/src/fastboot.js
index 86529ed8..1a694ad3 100644
--- a/src/fastboot.js
+++ b/src/fastboot.js
@@ -48,7 +48,7 @@ var waitForDevice = (password, callback) => {
 utils.log.debug("fastboot: wait for device");
 var cmd = "";
 if (utils.needRoot())
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += "fastboot" + " devices";
 var stop;
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
@@ -106,7 +106,7 @@ var flash = (images, callback, password) => {
 var cmd = "";
 images.forEach((image, l) => {
 if (utils.needRoot())
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += "fastboot" + " flash " + image.type + " \"" + path.join(image.path, path.basename(image.url)) + "\"";
 if (l !== images.length - 1)
 cmd += " && "
@@ -135,7 +135,7 @@ image object format
 var boot = (image, password, callback) => {
 var cmd="";
 if (utils.needRoot())
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += "fastboot" + " boot \"" + path.join(image.path, path.basename(image.url)) + "\"";
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
 asarExec.exec(cmd, (c, r, e) => {
@@ -153,7 +153,7 @@ var format = (partitions, password, callback) => {
 var cmd="";
 partitions.forEach((partition, l) => {
 if (utils.needRoot())
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += "fastboot" + " format " + partition;
 if (l !== partitions.length - 1)
 cmd += " && "
@@ -174,7 +174,7 @@ args; array, string, function
 var oem = (command, password, callback) => {
 var cmd="";
 if (utils.needRoot())
- cmd += utils.sudoCommand(password, "");
+ cmd += utils.sudoCommand(password);
 cmd += "fastboot" + " oem " + command;
 utils.platfromToolsExecAsar("fastboot", (asarExec) => {
 asarExec.exec(cmd, (c, r, e) => {
diff --git a/src/utils.js b/src/utils.js
index 6e90f939..7db146e6 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -130,8 +130,8 @@ var die = (e) => {
 process.exit(1);
 }
-var sudoCommand = (password, cmd) => {
- return "echo \'" + password.replace(/\'/g, "'\\''") + "\' | sudo -S " + cmd;
+var sudoCommand = (password) => {
+ return "echo '" + password.replace(/\'/g, "'\\''") + "' | sudo -S ";
 }
 var checkPassword = (password, callback) => {
@@ -141,7 +141,7 @@ var checkPassword = (password, callback) => {
 return;
 }
 log.debug("checking password")
- exec(sudoCommand(password, "echo correct"), (err, output) => {
+ exec(sudoCommand(password) + "echo correct", (err, output) => {
 if(err){
 if (err.message.includes("incorrect password")) {
 log.debug("incorrect password")
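Review bot: `sudoCommand` pipes the password through `echo`, which does not print every string verbatim: depending on the shell behind `exec`, a password such as `-n` is taken as an option and backslash sequences may be expanded, so sudo can receive something other than what the user typed. `printf '%s\n'` has neither problem: `return "printf '%s\\n' '" + password.replace(/'/g, "'\\''") + "' | sudo -S ";`. The `\'` inside the regex is an unneeded escape that the cleanup described in the commit message left behind. A short comment stating that the result is a prefix ending in a space, to be followed directly by the command, would help the call sites.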