From: Tobias Brunner Date: Fri, 17 Nov 2017 16:45:52 +0000 (+0100) Subject: android: Validate proposal strings when importing profiles X-Git-Tag: 5.6.2dr1~4^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b03713add4a634eec797d3a8503cff05a5eed6e9;p=thirdparty%2Fstrongswan.git android: Validate proposal strings when importing profiles --- diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java index 97ba11bf7f..43c0035cf9 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java @@ -59,6 +59,7 @@ import org.strongswan.android.security.TrustedCertificateEntry; import org.strongswan.android.ui.widget.TextInputLayoutHelper; import org.strongswan.android.utils.Constants; import org.strongswan.android.utils.IPRangeSet; +import org.strongswan.android.utils.Utils; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -497,8 +498,8 @@ public class VpnProfileImportActivity extends AppCompatActivity } } - profile.setIkeProposal(obj.optString("ike-proposal", null)); - profile.setEspProposal(obj.optString("esp-proposal", null)); + profile.setIkeProposal(getProposal(obj, "ike-proposal", true)); + profile.setEspProposal(getProposal(obj, "esp-proposal", false)); profile.setMTU(getInteger(obj, "mtu", Constants.MTU_MIN, Constants.MTU_MAX)); profile.setNATKeepAlive(getInteger(obj, "nat-keepalive", Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX)); JSONObject split = obj.optJSONObject("split-tunneling"); @@ -536,6 +537,19 @@ public class VpnProfileImportActivity extends AppCompatActivity return res < min || res > max ? null : res; } + private String getProposal(JSONObject obj, String key, boolean ike) throws JSONException + { + String value = obj.optString(key, null); + if (!TextUtils.isEmpty(value)) + { + if (!Utils.isProposalValid(ike, value)) + { + throw new JSONException(getString(R.string.profile_import_failed_value, key)); + } + } + return value; + } + private String getSubnets(JSONObject split, String key) throws JSONException { ArrayList subnets = new ArrayList<>();