From patchwork Wed Jun 22 20:22:36 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 5696
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted
Date: Wed, 22 Jun 2022 22:22:36 +0200
Message-Id: <20220622202236.3149193-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Patch
  https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
  from May 2021 put the variable containing the .p12 content into double
  quotes which causes the contents to be treated as text whereas the .p12
  file is an application file.
- Most people must be downloading the zip package of .p12, ovpn.conf and
  ta.key files so the problem was not noticed till now and flagged up in
  the forum.
  https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
- The problem does not occur for the .p12 file in the zip file as the
  downloading of the zip file does not have the variable name in double
  quotes.
- Putting the zip file variable into double quotes caused the downloaded
  zip file to be corrupt and not able to be opened as an archive.
- Removing the double quotes from the .p12 variable name caused the
  separate .p12 file download to be able to be correctly opened.
- The same quoted variable name is used also for the cacert.pem, cert.pem,
  servercert.pem and ta.key file downloads. To be consistent the same
  change has been applied to these.

Fixes: Bug #2883
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
Reviewed-by: Michael Tremer
--- html/cgi-bin/ovpnmain.cgi | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b8c3e5064..736d17541 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
@@ -1564,7 +1564,7 @@ END print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n"; my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - print "@tmp"; + print @tmp; exit(0); } else { @@ -1679,7 +1679,7 @@ END print "Content-Disposition: filename=cacert.pem\r\n\r\n"; my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem"); - print "@tmp"; + print @tmp; exit(0); } @@ -1693,7 +1693,7 @@ END print "Content-Disposition: filename=servercert.pem\r\n\r\n"; my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem"); - print "@tmp"; + print @tmp; exit(0); } @@ -1710,7 +1710,7 @@ END my @tmp = ; close(FILE); - print "@tmp"; + print @tmp; exit(0); } @@ -2615,7 +2615,7 @@ else my @tmp = ; close(FILE); - print "@tmp"; + print @tmp; exit (0); ### @@ -3234,7 +3234,7 @@ END my @tmp = ; close(FILE); - print "@tmp"; + print @tmp; exit (0); }
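
Review bot: In the hunk at @@ -1564, the context lines put `$cahash{$cgiparams{'KEY'}}[0]` straight into both the `Content-Disposition` header and the `-in` path handed to openssl, and nothing visible here shows that the `KEY` request parameter was checked to exist in `%cahash` or that the stored name is limited to safe filename characters. If the enclosing condition (not shown in this hunk) does not already guarantee that, validate the name before this branch, for example by rejecting anything outside letters, digits, `-` and `_`, so that a CR/LF or a path separator in it can never reach the header or the path. The `print @tmp;` change on its own is fine.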
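
Review bot: The `print @tmp;` lines in the hunks at @@ -1679 and @@ -1693 (and the other four sites) are missing a one-line comment saying why the quotes must stay off, because the reason is not obvious from the code and is not the one the commit message gives: `"@tmp"` interpolates the array with the list separator `$"` (a single space by default) between its elements, so every line after the first gained a leading space, rather than the contents being "treated as text". A comment such as `# no quotes: "@tmp" would join the lines with $"` at these sites would stop a later cleanup from re-adding them. The trailer also reads `Fixes: Bug #2883` while the subject says `#12883`; one of the two needs correcting before this is merged.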
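
Review bot: In the file-read hunks at @@ -1710, @@ -2615 and @@ -3234, the download is still collected in `@tmp` as a list of lines and written with a bare `print @tmp;`, which stays byte-exact only while `$,` and `$\` are left at their defaults and no I/O layer is applied to either handle. Since the binary .p12 has to be served from one of these sites (the first three hunks all print `openssl x509` output), call `binmode` on `FILE` and on `STDOUT` and write the data as a single string, e.g. `print join('', @tmp);`, so the bytes sent no longer depend on the global `$,` separator.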