guardian.cgi: Some more input validation.

diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi
index 0432a13d6a3cacef7cefd0b61f6cc1f947d0531b..059451f6efe6b8050f2fede3f9cef1a04cd8f2f1 100644 (file)
--- a/html/cgi-bin/guardian.cgi
+++ b/html/cgi-bin/guardian.cgi
@@ -176,17 +176,40 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
 #
 } elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) {
 
-       # Check if no empty input has been performed.
-        if ($settings{'ADDRESS_BLOCK'} ne '') {
+       # Assign some temporary variables used for input validation.
+       my $input = $settings{'ADDRESS_BLOCK'};
+       my $green = $netsettings{'GREEN_ADDRESS'};
+       my $blue = $netsettings{'BLUE_ADDRESS'};
+       my $orange = $netsettings{'ORANGE_ADDRESS'};
+       my $red = $netsettings{'RED_ADDRESS'};
 
-                # Check if the given input is no valid IP-address or IP-address with subnet, display an error message.
-                if ((!&General::validip($settings{'ADDRESS_BLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_BLOCK'}))) {
-                        $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
-                }
+       # Get gateway address.
+       my $gateway = &General::get_gateway();
 
-        } else {
-                $errormessage = "$Lang::tr{'guardian empty input'}";
-        }
+       # Check if any input has been performed.
+       if ($input eq '') {
+               $errormessage = "$Lang::tr{'guardian empty input'}";
+       }
+
+       # Check if the given input is localhost (127.0.0.1).
+       elsif ($input eq "127.0.0.1") {
+               $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+       }
+
+       # Check if the given input is anywhere (0.0.0.0).
+       elsif ($input eq "0.0.0.0") {
+               $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+       }
+
+       # Check if the given input is one of the interface addresses or our gateway.
+       elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway") {
+               $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}";
+       }
+
+       # Check if the given input is a valid IP address.
+        elsif (!&General::validip($input)) {
+                        $errormessage = "$Lang::tr{'guardian invalid address or subnet'}";
+       }
 
         # Go further if there was no error.
         if ($errormessage eq '') {

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 9e3487b297fba19394055e32241e9d3bb3591397..c4484a6422a5df6345f99aeb287f4a13d11a62dc 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1208,6 +1208,7 @@
 'guardian blocked hosts' => 'Currently blocked hosts',
 'guardian blockcount' => 'Blockcount',
 'guardian blocktime' => 'Blocktime',
+'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.',
 'guardian configuration' => 'Guardian Configuration',
 'guardian daemon' => 'Daemon',
 'guardian enabled' => 'Enable guardian',
@@ -1227,8 +1228,8 @@
 'guardian service' => 'Guardian Service',
 'guardian snort alertfile' => 'Alertfile from Snort',
 'guardian watch snort alertfile' => 'Monitor Snort alertfile',
-'guardian block ssh brute-force' => 'Block SSH Brute-force attacks',
-'guardian block httpd brute-force' => 'Block HTTPD Brute-force attacks',
+'guardian block ssh brute-force' => 'SSH Brute-force detection',
+'guardian block httpd brute-force' => 'HTTPD Brute-force detection',
 'guest ok' => 'allow guests to access',
 'gui settings' => 'GUI Settings',
 'gz with key' => 'Only an encrypted archive can be restored on this machine.',