From: Erik Kapfer Date: Sat, 11 Jan 2014 11:38:53 +0000 (+0100) Subject: OpenVPN: Check if port is smaller than 1024. X-Git-Tag: v2.15-beta1~2^2~3 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=8c252e6aa83f0a45d248dc59ae2bbc2ca717b229 OpenVPN: Check if port is smaller than 1024. Bug #10459. --- diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 7b1654fb93..75b6c75f10 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1163,6 +1163,12 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $errormessage = $Lang::tr{'invalid port'}; goto SETTINGS_ERROR; } + + if ($cgiparams{'DDEST_PORT'} <= 1023) { + $errormessage = $Lang::tr{'ovpn port in root range'}; + goto SETTINGS_ERROR; + } + $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'}; @@ -3534,10 +3540,24 @@ if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; - } + } + + if ($cgiparams{'DEST_PORT'} <= 1023) { + $errormessage = $Lang::tr{'ovpn port in root range'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } - if ($cgiparams{'OVPN_MGMT'} eq '') { - $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + + if ($cgiparams{'OVPN_MGMT'} <= 1023) { + $errormessage = $Lang::tr{'ovpn mgmt in root range'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; } } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 37c02af391..b4753a6fdc 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1606,6 +1606,8 @@ 'ovpn on blue' => 'OpenVPN auf BLAU', 'ovpn on orange' => 'OpenVPN auf ORANGE', 'ovpn on red' => 'OpenVPN auf ROT', +'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.', +'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.', 'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24', 'ovpn routes push options' => 'Route push Optionen', 'ovpn server status' => 'OpenVPN-Server-Status', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5e47e5c2a2..3d9a5eb4d1 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1636,6 +1636,8 @@ 'ovpn on blue' => 'OpenVPN on BLUE', 'ovpn on orange' => 'OpenVPN on ORANGE', 'ovpn on red' => 'OpenVPN on RED', +'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.', +'ovpn port in root range' => 'A port number of 1024 or higher is required.', 'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24', 'ovpn routes push options' => 'Route push options', 'ovpn server status' => 'Current OpenVPN server status:',