From f56040805375784a7c695d7324365c115262eb72 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Mon, 21 Jun 2021 17:45:05 +0200
Subject: [PATCH] ovpnmain.cgi: Fix detection of used DH key lenght.

Signed-off-by: Stefan Schantl
Signed-off-by: Michael Tremer
---
 html/cgi-bin/ovpnmain.cgi | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 077f5ab6c4..d9e26de2fe 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -221,14 +221,23 @@ sub pkiconfigcheck
 # Warning if DH parameter is 1024 bit
 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
 my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+ my $dhbit;
 
+ # Loop through the output and search for the DH bit lenght.
 foreach my $line (@dhparameter) {
- my @dhbit = ($line =~ /(\d+)/);
- if ($1 < 2048) {
- $cryptoerror = "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
+ if ($line =~ (/(\d+)/)) {
+ # Assign match to dhbit value.
+ $dhbit = $1;
+
+ last;
 }
 }
+
+ # Check if the used key lenght is at least 2048 bit.
+ if ($dhbit < 2048) {
+ $cryptoerror = "$Lang::tr{'ovpn error dh'}";
+ goto CRYPTO_ERROR;
+ }
 }
 
 # Warning if md5 is in usage
-- 
2.39.2
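Review bot: `$dhbit` stays undefined when no line of the `openssl dhparam -text` output contains a digit (empty output, an unreadable or malformed parameter file), and the new `if ($dhbit < 2048)` then compares undef numerically, so the weak-DH error is raised for the wrong reason and a warning is emitted if warnings are enabled. The pattern `/(\d+)/` is also unanchored and takes the first digit run on whichever line comes first rather than the bit length specifically; matching the size line itself, e.g. `if ($line =~ /\((\d+) bit\)/) {`, would be tighter, assuming the usual `DH Parameters: (2048 bit)` header. I would make the final check explicit with `if (!defined($dhbit) || $dhbit < 2048) {` so that an unparsable file is rejected deliberately rather than by accident. `pkiconfigcheck` starts and ends outside the hunk, so whether `$cgiparams{'DH_NAME'}` is validated before it is interpolated into the path is not visible here.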