| Message ID | 20200128105150.5848-1-stefan.schantl@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 7ad653cc09409c4e23885bf89279bd8458189f11 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 486NjM2y8Cz3xY8 for <patchwork@web04.haj.ipfire.org>; Tue, 28 Jan 2020 10:52:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 486NjK09x7z2c9; Tue, 28 Jan 2020 10:52:04 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1580208726; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=xG7rDEMpsJtl9yp/e6sr5Q60NbfYDCNTSjN5bW+DQH0=; b=KNF1spG3gQlX0XUCa43b4/Y4ihTs8Us0WI+WDwb54DtKQddwaa4erFKbsC9xgRSu1DoAJc qo+brx/D6ae+ssAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1580208726; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=xG7rDEMpsJtl9yp/e6sr5Q60NbfYDCNTSjN5bW+DQH0=; b=GK7UL90Tx683BOi4AdRt7dFH2w38ZuVn3AcYJAyw1jn15U8D1/ltok0z7sqVxIie9Y96lY tJElQEWge0tA5j/JLbi/qiP4m765IySuzVyfT8lg1ZysDtsjaJWucSBG1kAJ4kXWXM2d1u JD/SYySs4+5J8oBafWXtjOHQ03PHp0kZHl370mz6H8BipxKjmqzgQKwbY7Mu+SceDeGMnS dXpG9CzPhoR9Zm/7KJLb4weJ3HUazUiNeIkoqcmvQ1DHz39RYbyhy0eHkXZtqdLuiJjudN PeK+5twmdqLnO8HYS7i7eXyTGcc0xZUOWCUvnk4Mq29kOTYN4m7uWFcll5RtFA== Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 486NjJ17kpz2yZc; Tue, 28 Jan 2020 10:52:04 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 486NjG1nQjz2xlf for <development@lists.ipfire.org>; Tue, 28 Jan 2020 10:52:02 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 486NjF0YxPz2c9; Tue, 28 Jan 2020 10:52:00 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909ed25519; t=1580208721; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=xG7rDEMpsJtl9yp/e6sr5Q60NbfYDCNTSjN5bW+DQH0=; b=/EGZKHKJQnEFzO2BiV9rRSavadDptPR1xO293zYq1gydownwoSmiihodbUG+A0e5SRs7KW hgJ8B7KqoAF46eBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201909rsa; t=1580208721; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=xG7rDEMpsJtl9yp/e6sr5Q60NbfYDCNTSjN5bW+DQH0=; b=HOllyBdXceipJXlv7UUUAFOvbD5p79w1WtRx2kIC8FR7lbGs5uE6AR5wTyj33onghim/q9 0Bw4hFbM67RFqr63YHoOEwva6vDDEoZCL1jF2Pb8vphS6V4VZ/BT0c9qfNW3Dj+cOKP6lc qCTPUI3P0hzDopha/eWX7nNufxtmS+6zX+M6LTURmHXo7Fz41d6UYmljz7fZaeLwoF6U9C aaRuzupBzoj+Juy6PLRguzSM+rZ16zFMYOLrYeXo9JjfUcTqfW/cSAw54erhlVrKNIh1uk nxv8dJhhQ5c7th/P7dPFzYnAs4JwNH+BrjrYButavgUqj9dNWn9LfmcGEUFusg== From: Stefan Schantl <stefan.schantl@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] ovpnmain.cgi: Validate CCDNet name when renaming it. Date: Tue, 28 Jan 2020 11:51:50 +0100 Message-Id: <20200128105150.5848-1-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=stefan.schantl@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
ovpnmain.cgi: Validate CCDNet name when renaming it.
|
|
Commit Message
Stefan Schantl
Jan. 28, 2020, 10:51 a.m. UTC
Fixes #12282
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
html/cgi-bin/ovpnmain.cgi | 7 +++++++
1 file changed, 7 insertions(+)
Comments
Hi, > On 28 Jan 2020, at 10:51, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Fixes #12282 > > Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > --- > html/cgi-bin/ovpnmain.cgi | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi > index e76a688fe..22a2b9905 100644 > --- a/html/cgi-bin/ovpnmain.cgi > +++ b/html/cgi-bin/ovpnmain.cgi > @@ -490,6 +490,13 @@ sub modccdnet > my $oldname=$_[1]; > my %ccdconfhash=(); > my %ccdhash=(); > + > + # Check if the new name is valid. > + if(!&General::validhostname($newname)) { > + $errormessage=$Lang::tr{'ccd err invalidname'}; > + return; > + } > + Why does the name of the pool need to be a FQDN? > &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); > foreach my $key (keys %ccdconfhash) { > if ($ccdconfhash{$key}[0] eq $oldname) { > -- > 2.25.0 >
Okay. Can you ask the reporter to check your changes and confirm here on the list? > On 30 Jan 2020, at 12:48, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Hello Michael, > > thanks for reviewing the patch. > > There is no need that the pool name is a FQDN, I mainly inserted the > same check when editing as when adding a new pool. > > Best regards, > > -Stefan >> Hi, >> >>> On 28 Jan 2020, at 10:51, Stefan Schantl <stefan.schantl@ipfire.org >>>> wrote: >>> >>> Fixes #12282 >>> >>> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> >>> --- >>> html/cgi-bin/ovpnmain.cgi | 7 +++++++ >>> 1 file changed, 7 insertions(+) >>> >>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >>> index e76a688fe..22a2b9905 100644 >>> --- a/html/cgi-bin/ovpnmain.cgi >>> +++ b/html/cgi-bin/ovpnmain.cgi >>> @@ -490,6 +490,13 @@ sub modccdnet >>> my $oldname=$_[1]; >>> my %ccdconfhash=(); >>> my %ccdhash=(); >>> + >>> + # Check if the new name is valid. >>> + if(!&General::validhostname($newname)) { >>> + $errormessage=$Lang::tr{'ccd err invalidname'}; >>> + return; >>> + } >>> + >> >> Why does the name of the pool need to be a FQDN? >> >>> &General::readhasharray("${General::swroot}/ovpn/ccd.conf", >>> \%ccdconfhash); >>> foreach my $key (keys %ccdconfhash) { >>> if ($ccdconfhash{$key}[0] eq $oldname) { >>> -- >>> 2.25.0 >>> >
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index e76a688fe..22a2b9905 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -490,6 +490,13 @@ sub modccdnet my $oldname=$_[1]; my %ccdconfhash=(); my %ccdhash=(); + + # Check if the new name is valid. + if(!&General::validhostname($newname)) { + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); foreach my $key (keys %ccdconfhash) { if ($ccdconfhash{$key}[0] eq $oldname) {