From patchwork Wed Apr 15 13:24:04 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: ummeegge
X-Patchwork-Id: 2966
From: Erik Kapfer
To: development@lists.ipfire.org
Subject: [PATCH] OpenVPN: Fix for N2N plausibility checks
Date: Wed, 15 Apr 2020 15:24:04 +0200
Message-Id: <20200415132404.25688-1-ummeegge@ipfire.org>
List-Id: IPFire development talk

Fixes #12335

If no N2N name has been set, no directory and config has been created so it can not be deleted.
'goto VPNCONF_ERROR;' has been missing for N2N checks.
Fixed also code formatting.

Signed-off-by: Erik Kapfer
---
 html/cgi-bin/ovpnmain.cgi | 55 ++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 27 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 00ecd77a0..1e61ddb42 100644
--- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
@@ -3765,41 +3765,42 @@ if ($cgiparams{'TYPE'} eq 'host') { #CCD End - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { - $errormessage = $Lang::tr{'connection type is invalid'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { + $errormessage = $Lang::tr{'connection type is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + goto VPNCONF_ERROR; } - if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { - $errormessage = $Lang::tr{'name must only contain characters'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; - } + $errormessage = $Lang::tr{'name must only contain characters'}; + if ($cgiparams{'TYPE'} eq 'net') { + goto VPNCONF_ERROR; + } + goto VPNCONF_ERROR; + } if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) { - $errormessage = $Lang::tr{'name is invalid'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; + $errormessage = $Lang::tr{'name is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink 
("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + goto VPNCONF_ERROR; } if (length($cgiparams{'NAME'}) >60) { - $errormessage = $Lang::tr{'name too long'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; + $errormessage = $Lang::tr{'name too long'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + goto VPNCONF_ERROR; } ###
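
Review bot: In the second block the test `if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {` appears only as a removed line, while the added lines start at `$errormessage = $Lang::tr{'name must only contain characters'};` and still add the closing `}`. As shown, the character check on NAME is gone and the braces no longer balance, so please confirm the condition survives in the post-image; it is the check that runs before NAME is interpolated into the `${General::swroot}/ovpn/n2nconf/...` paths. The 'name is invalid' and 'name too long' branches keep `unlink (...) or die` and `rmdir (...) || die`, so if the file or directory is absent the script dies before either `goto VPNCONF_ERROR;` is reached; if those cases can also occur before anything was created, the cleanup should be dropped there as it was in the character-check branch, or the `die` replaced with a non-fatal path. In the first block `$cgiparams{'TYPE'} eq 'net'` can never be true inside `$cgiparams{'TYPE'} !~ /^(host|net)$/`, so that cleanup is dead code. Each added inner `goto VPNCONF_ERROR;` is followed directly by the same unconditional goto, so it changes no control flow, and the inner `if` in the character-check branch now only wraps a goto and can be removed.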