From 1bfc4f565106d6bfa8b5199026b2f635d15a81c8 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 31 Jul 2017 11:12:02 +0200
Subject: [PATCH] ipsec: Check PSK for a good length

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.ipsec | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index c090a93d..ed889a64 100644
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -334,12 +334,23 @@ ipsec_connection_authentication_psk() {
 		log ERROR "Not enough arguments"
 		return ${EXIT_ERROR}
 	fi
+
 	local connection=${1}
 	local psk=${2}
 
-	# TODO Check if psk is valid 
+	local length=${#psk}
+
+	if [ ${length} -lt 4 ]; then
+		error "The PSK must be longer than four characters"
+		return ${EXIT_ERROR}
+	fi
+
+	if [ ${length} -gt 128 ]; then
+		error "The PSK cannot be longer than 128 characters"
+		return ${EXIT_ERROR}
+	fi
 
-	if ! ipsec_connection_write_config_key "${connection}" "PSK" ${psk}; then
+	if ! ipsec_connection_write_config_key "${connection}" "PSK" "${psk}"; then
 		log ERROR "Could not write configuration settings"
 		return ${EXIT_ERROR}
 	fi
-- 
2.39.2