From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 31 Jul 2017 09:12:02 +0000 (+0200)
Subject: ipsec: Check PSK for a good length
X-Git-Tag: 009~92
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1bfc4f565106d6bfa8b5199026b2f635d15a81c8;p=network.git

ipsec: Check PSK for a good length

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index c090a93d..ed889a64 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -334,12 +334,23 @@ ipsec_connection_authentication_psk() {
 		log ERROR "Not enough arguments"
 		return ${EXIT_ERROR}
 	fi
+
 	local connection=${1}
 	local psk=${2}
 
-	# TODO Check if psk is valid 
+	local length=${#psk}
+
+	if [ ${length} -lt 4 ]; then
+		error "The PSK must be longer than four characters"
+		return ${EXIT_ERROR}
+	fi
+
+	if [ ${length} -gt 128 ]; then
+		error "The PSK cannot be longer than 128 characters"
+		return ${EXIT_ERROR}
+	fi
 
-	if ! ipsec_connection_write_config_key "${connection}" "PSK" ${psk}; then
+	if ! ipsec_connection_write_config_key "${connection}" "PSK" "${psk}"; then
 		log ERROR "Could not write configuration settings"
 		return ${EXIT_ERROR}
 	fi