From patchwork Sun Mar 21 21:23:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Leo-Andres Hofmann X-Patchwork-Id: 3955 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F3Vwj5q6Qz40Qq for ; Sun, 21 Mar 2021 21:23:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F3Vwh4g23zln; Sun, 21 Mar 2021 21:23:16 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F3Vwh326kz2y3Q; Sun, 21 Mar 2021 21:23:16 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F3Vwg6Tfcz2xMX for ; Sun, 21 Mar 2021 21:23:15 +0000 (UTC) Received: from arche.uberspace.de (arche.uberspace.de [185.26.156.147]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4F3Vwg1PbWzHv for ; Sun, 21 Mar 2021 21:23:15 +0000 (UTC) Received: (qmail 10045 invoked from network); 21 Mar 2021 21:23:13 -0000 Received: from localhost (HELO localhost) (127.0.0.1) by arche.uberspace.de with SMTP; 21 Mar 2021 21:23:13 -0000 From: Leo-Andres Hofmann To: development@lists.ipfire.org Subject: [PATCH] zoneconf.cgi: Fix VLAN tag range check Date: Sun, 21 Mar 2021 22:23:03 +0100 Message-Id: <20210321212303.1718-1-hofmann@leo-andres.de> X-Mailer: git-send-email 2.27.0.windows.1 MIME-Version: 1.0 ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=none; spf=pass (mail01.ipfire.org: domain of hofmann@leo-andres.de designates 185.26.156.147 as permitted sender) smtp.mailfrom=hofmann@leo-andres.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1616361795; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=K0nxTr//ty+ic9VMohWqc13+5ARnj/KXm8g4GoXiWAw=; b=lkqFDG6pye17b5Rwq7hOaJwACPsMf1bBfOwtCpkhQqR2q6P+7HqMv+5aK2rqQ/qFAkOGIo OL/1EzAOv842ot9dCTQpmb8U0LW4JR3XHY3JsRF61BNO3DPXoq54cPVl0eo5ZIaft/4aLv rK34XmwV6ZWkoRiGm9+dLZOHa0ej5+seOeQ8SXpejQdXVePMr9A/UUQyez/BGwX1nhU/cu pcrXXItIKJR+4BY9t2KPVkF4V9m6YvjWyMARDv7b1f83lA/lCbOc+51wNATG4eEqrs3RDQ CHGfJBegAm9LPC5KJxSZj6NZx2K8iA/Kwsyuo9eTVnJga8mSUJ0r3YmZSmO3Jg== ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1616361795; a=rsa-sha256; cv=none; b=hyfXAd07VUoIwQspfF6Y/BmkS42utIlW2LHo7zQSNP+g4yP/ktk5mq0WEDGC+6UKkdEjXp osIEdZ1A4UHzyWRGYU3Z5UXP0f5bI2TIvOAAV50KQPRs6lDOnjP4stm9jKTB0gZ9VQ13Qw Ln9Ym7x07waich3s8lxEXP5qT8Ml/VK+2G5Dsd8pceN5CMd3oj9siZCRnfGjheidhID4bx D9Lgdg0Y41ykBOZI+H4U5rOFPh1yrFil9dI9Y/MuUB6Gbp8jLtJZENySpwdOIav11m1YWz XtmchJcFhR7bJs+SbonldijoCBYeoJ/NUdHZ08QORYfnpzRKaHAaL+2W66Hdzw== X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.35 / 11.00]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; IP_REPUTATION_HAM(-2.05)[asn: 205766(-0.29), country: DE(-0.01), ip: 185.26.156.147(-0.73)]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[leo-andres.de]; R_SPF_ALLOW(-0.20)[+mx]; MID_CONTAINS_FROM(1.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:205766, ipnet:185.26.156.0/24, country:DE]; RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-3.00)[99.99%] X-Rspamd-Queue-Id: 4F3Vwg1PbWzHv Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none; spf=pass (mail01.ipfire.org: domain of hofmann@leo-andres.de designates 185.26.156.147 as permitted sender) smtp.mailfrom=hofmann@leo-andres.de X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Use the correct VLAN tag range 1-4094 and add an error message to the range check. The missing error message was discovered by Jonatan. Signed-off-by: Leo-Andres Hofmann --- doc/language_missings | 7 +++++++ html/cgi-bin/zoneconf.cgi | 11 +++++------ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/doc/language_missings b/doc/language_missings index 3cd277726..4b5a90c67 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -912,6 +912,7 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error ############################################################################ # Checking cgi-bin translations for language: fr # @@ -933,6 +934,7 @@ < zoneconf stp priority < zoneconf val stp priority range error < zoneconf val stp zone mode error +< zoneconf val vlan tag range error ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1322,6 +1324,7 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error ############################################################################ # Checking cgi-bin translations for language: nl # @@ -1766,6 +1769,7 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error ############################################################################ # Checking cgi-bin translations for language: pl # @@ -2652,6 +2656,7 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error ############################################################################ # Checking cgi-bin translations for language: ru # @@ -3545,6 +3550,7 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error ############################################################################ # Checking cgi-bin translations for language: tr # @@ -3741,4 +3747,5 @@ < zoneconf val stp zone mode error < zoneconf val vlan amount assignment error < zoneconf val vlan tag assignment error +< zoneconf val vlan tag range error < zoneconf val zoneslave amount error diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi index b90ea8a41..c0d44764f 100644 --- a/html/cgi-bin/zoneconf.cgi +++ b/html/cgi-bin/zoneconf.cgi @@ -279,11 +279,10 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) { } $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1; - - if (! looks_like_number($vlan_tag)) { - last; - } - if ($vlan_tag < 1 || $vlan_tag > 4095) { + + # check VLAN tag range: 1..4094 (0, 4095 are reserved) + unless (looks_like_number($vlan_tag) && ($vlan_tag >= 1) && ($vlan_tag <= 4094)) { + $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag range error"}; last; } @@ -486,7 +485,7 @@ END - + END ; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6a8133807..191c778d2 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2988,6 +2988,7 @@ 'zoneconf val stp zone mode error' => 'STP kann nur aktiviert werden, wenn sich die Zone im Brückenmodus befindet', 'zoneconf val vlan amount assignment error' => 'Pro Zone kann nur ein VLAN verwendet werden.', 'zoneconf val vlan tag assignment error' => 'Pro Netzwerkkarte kann derselbe VLAN-Tag nur einmal verwendet werden.', +'zoneconf val vlan tag range error' => 'VLAN-Tag muss im Bereich 1-4094 liegen.', 'zoneconf val zoneslave amount error' => 'Wenn eine Zone nicht im Brückenmodus ist, kann ihr nur eine Netzwerkkarte zugewiesen werden.', ); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8f7e0c2cf..1d059aac8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -3037,6 +3037,7 @@ 'zoneconf val stp zone mode error' => 'STP can only be enabled if the zone is in bridge mode', 'zoneconf val vlan amount assignment error' => 'A zone cannot have more than one VLAN assigned.', 'zoneconf val vlan tag assignment error' => 'You cannot use the same VLAN tag more than once per NIC.', +'zoneconf val vlan tag range error' => 'VLAN tag must be in the range of 1-4094.', 'zoneconf val zoneslave amount error' => 'A zone that is not in bridge mode can\'t have more than one NIC assigned', );