ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted

Message ID 20220622202236.3149193-1-adolf.belka@ipfire.org
State Accepted
Commit f158e71e20867a072d1c1795bea874e68c58c93b
Headers
Series ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted |

Commit Message

Adolf Belka 22 Jun 2022, 8:22 p.m. UTC
  - Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
   from May 2021 put the variable containing the .p12 content into double quotes which
   causes the contents to be treated as text whereas the .p12 file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
   the problem was not noticed till now and flagged up in the forum.
   https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the downloading of the
   zip file does not have the variable name in double quotes.
- Putting the zip file variable into double quotes caused the downloaded zip file to be
   corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the separate .p12 file
   download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
   and ta.key file downloads. To be consistent the same change has been applied to these.

Fixes: Bug #2883
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
  

Comments

Tom Rymes 22 Jun 2022, 9:51 p.m. UTC | #1
Adolf: Just noting that the subject of your message says fixes #12883, 
but on line 13 of your below message, it says #2883. I assume that's not 
terribly important, but figured I would point it out.


On 06/22/2022 4:22 PM, Adolf Belka wrote:
> - Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
>     from May 2021 put the variable containing the .p12 content into double quotes which
>     causes the contents to be treated as text whereas the .p12 file is an application file.
> - Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
>     the problem was not noticed till now and flagged up in the forum.
>     https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
> - The problem does not occur for the .p12 file in the zip file as the downloading of the
>     zip file does not have the variable name in double quotes.
> - Putting the zip file variable into double quotes caused the downloaded zip file to be
>     corrupt and not able to be opened as an archive.
> - Removing the double quotes from the .p12 variable name caused the separate .p12 file
>     download to be able to be correctly opened.
> - The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
>     and ta.key file downloads. To be consistent the same change has been applied to these.
> 
> Fixes: Bug #2883
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
>   html/cgi-bin/ovpnmain.cgi | 12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index b8c3e5064..736d17541 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -1564,7 +1564,7 @@ END
>   	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
>   
>   	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       } else {
> @@ -1679,7 +1679,7 @@ END
>   	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
>   
>   	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -1693,7 +1693,7 @@ END
>   	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
>   
>   	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -1710,7 +1710,7 @@ END
>   	my @tmp = <FILE>;
>   	close(FILE);
>   
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -2615,7 +2615,7 @@ else
>       my @tmp = <FILE>;
>       close(FILE);
>   
> -    print "@tmp";
> +    print @tmp;
>       exit (0);
>   
>   ###
> @@ -3234,7 +3234,7 @@ END
>   	my @tmp = <FILE>;
>   	close(FILE);
>   
> -	print "@tmp";
> +	print @tmp;
>   	exit (0);
>       }
>
  
Michael Tremer 23 Jun 2022, 12:56 p.m. UTC | #2
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 22 Jun 2022, at 21:22, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
>   from May 2021 put the variable containing the .p12 content into double quotes which
>   causes the contents to be treated as text whereas the .p12 file is an application file.
> - Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
>   the problem was not noticed till now and flagged up in the forum.
>   https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
> - The problem does not occur for the .p12 file in the zip file as the downloading of the
>   zip file does not have the variable name in double quotes.
> - Putting the zip file variable into double quotes caused the downloaded zip file to be
>   corrupt and not able to be opened as an archive.
> - Removing the double quotes from the .p12 variable name caused the separate .p12 file
>   download to be able to be correctly opened.
> - The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
>   and ta.key file downloads. To be consistent the same change has been applied to these.
> 
> Fixes: Bug #2883
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index b8c3e5064..736d17541 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -1564,7 +1564,7 @@ END
> 	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
> 
> 	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     } else {
> @@ -1679,7 +1679,7 @@ END
> 	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
> 
> 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -1693,7 +1693,7 @@ END
> 	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
> 
> 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -1710,7 +1710,7 @@ END
> 	my @tmp = <FILE>;
> 	close(FILE);
> 
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -2615,7 +2615,7 @@ else
>     my @tmp = <FILE>;
>     close(FILE);
> 
> -    print "@tmp";
> +    print @tmp;
>     exit (0);
> 
> ###
> @@ -3234,7 +3234,7 @@ END
> 	my @tmp = <FILE>;
> 	close(FILE);
> 
> -	print "@tmp";
> +	print @tmp;
> 	exit (0);
>     }
> 
> -- 
> 2.36.1
>
  

Patch

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index b8c3e5064..736d17541 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1564,7 +1564,7 @@  END
 	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
 
 	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
-	print "@tmp";
+	print @tmp;
 
 	exit(0);
     } else {
@@ -1679,7 +1679,7 @@  END
 	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
 
 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
-	print "@tmp";
+	print @tmp;
 
 	exit(0);
     }
@@ -1693,7 +1693,7 @@  END
 	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
 
 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
-	print "@tmp";
+	print @tmp;
 
 	exit(0);
     }
@@ -1710,7 +1710,7 @@  END
 	my @tmp = <FILE>;
 	close(FILE);
 
-	print "@tmp";
+	print @tmp;
 
 	exit(0);
     }
@@ -2615,7 +2615,7 @@  else
     my @tmp = <FILE>;
     close(FILE);
 
-    print "@tmp";
+    print @tmp;
     exit (0);
 
 ###
@@ -3234,7 +3234,7 @@  END
 	my @tmp = <FILE>;
 	close(FILE);
 
-	print "@tmp";
+	print @tmp;
 	exit (0);
     }