[1/2] ovpnmain.cgi: Fix detection of used DH key lenght.

Message ID 20210621154506.2482-1-stefan.schantl@ipfire.org
State Accepted
Commit f56040805375784a7c695d7324365c115262eb72
Headers show
Series [1/2] ovpnmain.cgi: Fix detection of used DH key lenght. | expand

Commit Message

Stefan Schantl June 21, 2021, 3:45 p.m. UTC
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

Patch

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 023000dd5..5af1b807e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -221,14 +221,23 @@  sub pkiconfigcheck
 	# Warning if DH parameter is 1024 bit
 	if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
 		my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+		my $dhbit;
 
+		# Loop through the output and search for the DH bit lenght.
 		foreach my $line (@dhparameter) {
-			my @dhbit = ($line =~ /(\d+)/);
-			if ($1 < 2048) {
-				$cryptoerror = "$Lang::tr{'ovpn error dh'}";
-				goto CRYPTO_ERROR;
+			if ($line =~ (/(\d+)/)) {
+				# Assign match to dhbit value.
+				$dhbit = $1;
+
+				last;
 			}
 		}
+
+		# Check if the used key lenght is at least 2048 bit.
+		if ($dhbit < 2048) {
+			$cryptoerror = "$Lang::tr{'ovpn error dh'}";
+			goto CRYPTO_ERROR;
+		}
 	}
 
 	# Warning if md5 is in usage