From: Alexander Marx
Date: Wed, 21 Nov 2012 10:49:53 +0000 (+0100)
Subject: openvpn ccd: Fix subnet mask validation.
X-Git-Tag: v2.11-core65~1^2~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=290007b3b07ef6bc69bc97d54825fcf96eeb9eb6;p=people%2Fms%2Fipfire-2.x.git

openvpn ccd: Fix subnet mask validation.
---
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 602617361b..605556718f 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -383,13 +383,13 @@ sub validipandmask
 if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) {
 #Subnet in decimal and valid?
 if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) {
- for (my $i=8;$i<=30;$i++){
+ for (my $i=8;$i<=32;$i++){
 if (&General::cidrtosub($i) eq $ccdsubnet){
 return 1;
 }
 }
 #Subnet already in binary format?
- }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=30 && $1>=8))){
+ }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
 return 1;
 }else{
 return 0;
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 038adb1389..ca43e7dd5d 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -494,21 +494,36 @@ sub addccdnet
 my $checkup;
 my $ccdip;
 my $baseaddress;
- if(!&General::validhostname($ccdname)){
+
+
+ #check name
+ if ($ccdname eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
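Review bot: Raising both upper bounds in `validipandmask` from 30 to 32 loosens a shared validator for every caller, and nothing in the hunk documents the new contract. Only `addccdnet` gains a compensating `$subcidr > 30` rejection in this commit; any other caller that relied on the old limit would now accept /31 and /32 masks, which is worth confirming because those callers are not visible here. I would add a comment above the loop such as `# accepts prefix lengths 8..32; callers that cannot use /31 or /32 must reject them themselves`. The body of `validipandmask` starts and ends outside the hunk.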
"; + return + } + + if(!&General::validhostname($ccdname)) + { $errormessage=$Lang::tr{'ccd err invalidname'}; return; } - #check ip - if (&General::validipandmask($ccdnet)){ - $ccdnet=&General::iporsubtocidr($ccdnet); - }else{ + + ($ccdip,$subcidr) = split (/\//,$ccdnet); + $subcidr=&General::iporsubtocidr($subcidr); + #check subnet + if ($subcidr > 30) + { $errormessage=$Lang::tr{'ccd err invalidnet'}; return; } - ($ccdip,$subcidr) = split (/\//,$ccdnet); - if ($ccdname eq '') { - $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; + #check ip + if (!&General::validipandmask($ccdnet)){ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; } + + #check if we try to use same network as ovpn server if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
";