| Message ID | 20180211185122.9243-3-berny156@gmx.de |
|---|---|
| State | Dropped |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.ipfire.org [IPv6:2001:470:7183:25::1]) by web02.i.ipfire.org (Postfix) with ESMTP id 6DC0F60AC5 for <patchwork@web02.i.ipfire.org>; Sun, 11 Feb 2018 19:52:06 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 54F5A111F63C; Sun, 11 Feb 2018 18:52:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 54F5A111F63C Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 7FCB9111F634 for <development@lists.ipfire.org>; Sun, 11 Feb 2018 18:51:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 7FCB9111F634 Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.225.239]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MBVwM-1evR6S2Zi2-00AY47 for <development@lists.ipfire.org>; Sun, 11 Feb 2018 19:51:30 +0100 From: Bernhard Held <berny156@gmx.de> To: development@lists.ipfire.org Subject: [PATCH 2/2] proxy.cgi: fix subnet comparison Date: Sun, 11 Feb 2018 19:51:22 +0100 Message-Id: <20180211185122.9243-3-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180211185122.9243-1-berny156@gmx.de> References: <20180211185122.9243-1-berny156@gmx.de> X-Provags-ID: V03:K0:cs2uHImvaNgKDgDPVC8GoNE4QFAG0bKDhJxgglj6exuOy7XDwuk FwhPLEKlaej0S2Ao0NG2QLiGZh5JR8V04E7PZVqHR8kLL4AA9R+O6XgIA7CTNdDmd/NCKlr qSND0TweJZ2OzJIOmn/3CMtSVkW7OBztB6iGLT+jC5tMEQLzsT4g90ToAvq3XpOCY7E+T5u o9HIrvilfd03u7tww9oDA== X-UI-Out-Filterresults: notjunk:1; V01:K0:wevjxgUprTI=:XDTFSI0wSXeoENZBtBYFXK v1qxEHex1S/7ooANSsLwWcHqEN5w5JdidmdJiwDkzIhPih/8ikZbmaugg5l6ZwkIQweXT4bU2 N+u5enxg/RyRVMb6SM1nQdVCgtXsVna8SEeC0J9gKDWe+V7nX5Qh9663QXzSnFReYWwMAnlNj ay740eZT8eSOj4Sb6IAHiolYijktp/oMjCwZWdHMUCuWnsppI9qtqI+7dZuNMBSF0h39Irc5x LM0PGo7f6hqAAlJpqbmGFx2jkJgAgKl846CqFU3kLK5sMs2x2GoRNKYahPgjkP1YJBLaEjJOT sIRtEeM870Z6x8PPFLbWtRxKzPRZ5Jkhy80JFZeH3bnW4yxoWibw2Sr6ifep+tLSZU3EvVlYN JfgU0zhAdjN9jUbtg0mBfYRTnVWEKabFz30lmNiJUrj4lUXXnIJFs+R0FD7VwfhHa+sB1ku2W 75lTWHITlO4nomLWJmeosuIbuAOdpKAnZ6VlJhDp8nOb080mDSqzAfptXjzbnU4v0ZXZ4dhat UxguLZdXnqwPjfsHYhEnaPg/OvkAZXzURMNs332oQbHgy8Tj1KsTwZ+dDolfMF0Qrb2QxQAoi Vb55o+7vKJd9yNlq5zMtdJhsht13R68iaiLvnN8A3WCljtClrFDz/doD4Vx9aMsKbWAYJZdow Pg+0bltpzhlG4/QFFGngaUoU9tNY/Rm2CbeCkuRVwC2f4bq1C0AuuZssCfOhemjMpMkRtDQ/L 7c846BEYIlg2iwwjA3nrwZZCsiM/bv1UglKPGyRmoMKaH1P4CeSMsAhu5Z75c1YaxEevaHzhK W1IvXujdTXmmXPXThMzD/rBjDBSzw== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
proxy.cgi fixes for bugzilla #10852
|
|
Commit Message
Bernhard Held
Feb. 12, 2018, 5:51 a.m. UTC
The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The proposed patch compares the subnets individually. --- html/cgi-bin/proxy.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Comments
I think you should better use &Network::equals() from /var/ipfire/network-functions.pl. This will take care of converting subnet masks to prefix notation and vice-versa. Best, -Michael On Sun, 2018-02-11 at 19:51 +0100, Bernhard Held wrote: > The logic of subnet comparison is broken. E.g. if the blue netmask is > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. > The proposed patch compares the subnets individually. > --- > html/cgi-bin/proxy.cgi | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index ea3b41126..4993dde86 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -3066,8 +3066,8 @@ END > @temp = split(/\//); > chomp $temp[1]; > if ( > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) > + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) && > + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'})) > ) > { > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
Bernhard, Does any of this also apply to the subnet comparisons made when adding subnets in the "Firewall Groups" portion of the WUI? Tom > On Feb 11, 2018, at 1:52 PM, Bernhard Held <berny156@gmx.de> wrote: > > The logic of subnet comparison is broken. E.g. if the blue netmask is > 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. > The proposed patch compares the subnets individually. > --- > html/cgi-bin/proxy.cgi | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > index ea3b41126..4993dde86 100644 > --- a/html/cgi-bin/proxy.cgi > +++ b/html/cgi-bin/proxy.cgi > @@ -3066,8 +3066,8 @@ END > @temp = split(/\//); > chomp $temp[1]; > if ( > - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && > - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) > + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) && > + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'})) > ) > { > print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))"; > -- > 2.16.1 >
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index ea3b41126..4993dde86 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3066,8 +3066,8 @@ END @temp = split(/\//); chomp $temp[1]; if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) && + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'})) ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";