From patchwork Mon Feb 12 05:51:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Held X-Patchwork-Id: 1652 Return-Path: Received: from mail01.ipfire.org (mail01.ipfire.org [IPv6:2001:470:7183:25::1]) by web02.i.ipfire.org (Postfix) with ESMTP id 6DC0F60AC5 for ; Sun, 11 Feb 2018 19:52:06 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 54F5A111F63C; Sun, 11 Feb 2018 18:52:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 54F5A111F63C Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 7FCB9111F634 for ; Sun, 11 Feb 2018 18:51:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 7FCB9111F634 Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.225.239]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MBVwM-1evR6S2Zi2-00AY47 for ; Sun, 11 Feb 2018 19:51:30 +0100 From: Bernhard Held To: development@lists.ipfire.org Subject: [PATCH 2/2] proxy.cgi: fix subnet comparison Date: Sun, 11 Feb 2018 19:51:22 +0100 Message-Id: <20180211185122.9243-3-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180211185122.9243-1-berny156@gmx.de> References: <20180211185122.9243-1-berny156@gmx.de> X-Provags-ID: V03:K0:cs2uHImvaNgKDgDPVC8GoNE4QFAG0bKDhJxgglj6exuOy7XDwuk FwhPLEKlaej0S2Ao0NG2QLiGZh5JR8V04E7PZVqHR8kLL4AA9R+O6XgIA7CTNdDmd/NCKlr qSND0TweJZ2OzJIOmn/3CMtSVkW7OBztB6iGLT+jC5tMEQLzsT4g90ToAvq3XpOCY7E+T5u o9HIrvilfd03u7tww9oDA== X-UI-Out-Filterresults: notjunk:1; V01:K0:wevjxgUprTI=:XDTFSI0wSXeoENZBtBYFXK v1qxEHex1S/7ooANSsLwWcHqEN5w5JdidmdJiwDkzIhPih/8ikZbmaugg5l6ZwkIQweXT4bU2 N+u5enxg/RyRVMb6SM1nQdVCgtXsVna8SEeC0J9gKDWe+V7nX5Qh9663QXzSnFReYWwMAnlNj ay740eZT8eSOj4Sb6IAHiolYijktp/oMjCwZWdHMUCuWnsppI9qtqI+7dZuNMBSF0h39Irc5x LM0PGo7f6hqAAlJpqbmGFx2jkJgAgKl846CqFU3kLK5sMs2x2GoRNKYahPgjkP1YJBLaEjJOT sIRtEeM870Z6x8PPFLbWtRxKzPRZ5Jkhy80JFZeH3bnW4yxoWibw2Sr6ifep+tLSZU3EvVlYN JfgU0zhAdjN9jUbtg0mBfYRTnVWEKabFz30lmNiJUrj4lUXXnIJFs+R0FD7VwfhHa+sB1ku2W 75lTWHITlO4nomLWJmeosuIbuAOdpKAnZ6VlJhDp8nOb080mDSqzAfptXjzbnU4v0ZXZ4dhat UxguLZdXnqwPjfsHYhEnaPg/OvkAZXzURMNs332oQbHgy8Tj1KsTwZ+dDolfMF0Qrb2QxQAoi Vb55o+7vKJd9yNlq5zMtdJhsht13R68iaiLvnN8A3WCljtClrFDz/doD4Vx9aMsKbWAYJZdow Pg+0bltpzhlG4/QFFGngaUoU9tNY/Rm2CbeCkuRVwC2f4bq1C0AuuZssCfOhemjMpMkRtDQ/L 7c846BEYIlg2iwwjA3nrwZZCsiM/bv1UglKPGyRmoMKaH1P4CeSMsAhu5Z75c1YaxEevaHzhK W1IvXujdTXmmXPXThMzD/rBjDBSzw== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The proposed patch compares the subnets individually. --- html/cgi-bin/proxy.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index ea3b41126..4993dde86 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3066,8 +3066,8 @@ END @temp = split(/\//); chomp $temp[1]; if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) && + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'})) ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";