From patchwork Mon Feb 12 05:51:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Held X-Patchwork-Id: 1650 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id A363D60AC5 for ; Sun, 11 Feb 2018 19:51:51 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 9B4C6111F63C; Sun, 11 Feb 2018 18:51:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 9B4C6111F63C Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 7559A111F63C for ; Sun, 11 Feb 2018 18:51:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 7559A111F63C Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.225.239]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0LmrUq-1eJJ0Q1lrI-00h937 for ; Sun, 11 Feb 2018 19:51:30 +0100 From: Bernhard Held To: development@lists.ipfire.org Subject: [PATCH 1/2] proxy.cgi: strip newline from subnet parameter Date: Sun, 11 Feb 2018 19:51:21 +0100 Message-Id: <20180211185122.9243-2-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180211185122.9243-1-berny156@gmx.de> References: <20180211185122.9243-1-berny156@gmx.de> X-Provags-ID: V03:K0:9gnfVycRZUgobYHiVlPwcr3qyJFmi9ICFLltbpq7a1Zwnop9t5U TExB64lZTBYN0mkjU+yMLoQFETmtnqlbcmgZTyXXqIvtfqfB9OoAvhGfKL97ymaXr4IzD7J TLJU3s86Dc2FXv98g0nVW1PcS4Rk0e6N74moUZZ9UCS37k4x1SATgkIf0oOenzJ+5LALg2V 9NzMzYxFNON6/qQzr60hw== X-UI-Out-Filterresults: notjunk:1; V01:K0:kGfSaBx7oZs=:vAKeD5GGfOO1iTf/VfIc8t b/P88AXHnGhm+fZnBNfBx/Ru728wpXC8GRv5lVYdCmmKg4qCAq5uNVaM63Vufj6E4sTzFOZmI +3NsXV/R5YvjIGfaMlE/O3IptgXwjtxkgeO9/AmjxRhxapnzwzaf10CJDnmR3Hh7+wBsLk/W1 DwbBf5OKnaWbZHV7vc3hTHxb4CvrGXSOF368SZj2cOF/mvLvppkwPLTHGovxjLSReZVjtVkKU 6NTnTKgM1+cRooE8TFkJxCD3ncj2T3dBKRdZpU5BIjobkbAaoUtO8LizE0qTq2Qh0NPFoXGaZ z37FJuoNBLHmxbkOMkoo6e2IbJyGJRQCnwHfWHNlOe/H3XJiDeggF8rkVGbA5Wnkh+EJ2YyuP Qlt1yOnid7m259wVMSaq7OEgQ+R+wCHUn0IDLeomfIa1G3iEfPRooEheHlBPCPklDDFfn0Qzr MLTlooVUqJK2TFRS3P+SqPPCPHSk6s5LG9Heg0opyKO6fwIvW1cSgO3d1cc4UGcP8aB3miHln gpDlNmuEkmF5iiJl4FfSxJ4sKafg/oHihlDvfRCjyJcHvH9ydxoBkv54HCUJ4gXG4o8ABGVAW K1gFSY7cJZ/3GChm9rXsTOY5kz1+irapV0NpX2xdaY5ub+Ue+4nH7o/GDXl9GmRq4LNgOB1xG FORsJRaTMW1cnVOfNI86nhiwWkMBSFVnFfwpVtN5kzty2gsND3fPy5eV5san4Koa9efIWqsxm 3O5EqCcYSwM4cWzg4eonRb0nYEW1HIKM8l/auXcBWWKP/p5Ye3yS46Nalx6KKhm8JSmU9QIIa MS05y7rU0hamo7f05XWFgHSlT/SJQ== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" $temp[1] might end with a newline; this is unavoidable when specifying serveral subnets. Thus, 'chomp $temp[1];' has to be moved before the comparisons with the green and blue subnets. Otherwise the comparison might always be true due to the newline. --- html/cgi-bin/proxy.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6aa14e15a..ea3b41126 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3064,12 +3064,12 @@ END foreach (@templist) { @temp = split(/\//); + chomp $temp[1]; if ( ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) ) { - chomp $temp[1]; print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))"; } } From patchwork Mon Feb 12 05:51:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Held X-Patchwork-Id: 1652 Return-Path: Received: from mail01.ipfire.org (mail01.ipfire.org [IPv6:2001:470:7183:25::1]) by web02.i.ipfire.org (Postfix) with ESMTP id 6DC0F60AC5 for ; Sun, 11 Feb 2018 19:52:06 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 54F5A111F63C; Sun, 11 Feb 2018 18:52:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 54F5A111F63C Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=development-bounces@lists.ipfire.org X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 7FCB9111F634 for ; Sun, 11 Feb 2018 18:51:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 mail01.ipfire.org 7FCB9111F634 Authentication-Results: mail01.ipfire.org; dmarc=none (p=none dis=none) header.from=gmx.de Authentication-Results: mail01.ipfire.org; spf=pass smtp.mailfrom=berny156@gmx.de Received: from quad.berny.local ([46.244.225.239]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0MBVwM-1evR6S2Zi2-00AY47 for ; Sun, 11 Feb 2018 19:51:30 +0100 From: Bernhard Held To: development@lists.ipfire.org Subject: [PATCH 2/2] proxy.cgi: fix subnet comparison Date: Sun, 11 Feb 2018 19:51:22 +0100 Message-Id: <20180211185122.9243-3-berny156@gmx.de> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180211185122.9243-1-berny156@gmx.de> References: <20180211185122.9243-1-berny156@gmx.de> X-Provags-ID: V03:K0:cs2uHImvaNgKDgDPVC8GoNE4QFAG0bKDhJxgglj6exuOy7XDwuk FwhPLEKlaej0S2Ao0NG2QLiGZh5JR8V04E7PZVqHR8kLL4AA9R+O6XgIA7CTNdDmd/NCKlr qSND0TweJZ2OzJIOmn/3CMtSVkW7OBztB6iGLT+jC5tMEQLzsT4g90ToAvq3XpOCY7E+T5u o9HIrvilfd03u7tww9oDA== X-UI-Out-Filterresults: notjunk:1; V01:K0:wevjxgUprTI=:XDTFSI0wSXeoENZBtBYFXK v1qxEHex1S/7ooANSsLwWcHqEN5w5JdidmdJiwDkzIhPih/8ikZbmaugg5l6ZwkIQweXT4bU2 N+u5enxg/RyRVMb6SM1nQdVCgtXsVna8SEeC0J9gKDWe+V7nX5Qh9663QXzSnFReYWwMAnlNj ay740eZT8eSOj4Sb6IAHiolYijktp/oMjCwZWdHMUCuWnsppI9qtqI+7dZuNMBSF0h39Irc5x LM0PGo7f6hqAAlJpqbmGFx2jkJgAgKl846CqFU3kLK5sMs2x2GoRNKYahPgjkP1YJBLaEjJOT sIRtEeM870Z6x8PPFLbWtRxKzPRZ5Jkhy80JFZeH3bnW4yxoWibw2Sr6ifep+tLSZU3EvVlYN JfgU0zhAdjN9jUbtg0mBfYRTnVWEKabFz30lmNiJUrj4lUXXnIJFs+R0FD7VwfhHa+sB1ku2W 75lTWHITlO4nomLWJmeosuIbuAOdpKAnZ6VlJhDp8nOb080mDSqzAfptXjzbnU4v0ZXZ4dhat UxguLZdXnqwPjfsHYhEnaPg/OvkAZXzURMNs332oQbHgy8Tj1KsTwZ+dDolfMF0Qrb2QxQAoi Vb55o+7vKJd9yNlq5zMtdJhsht13R68iaiLvnN8A3WCljtClrFDz/doD4Vx9aMsKbWAYJZdow Pg+0bltpzhlG4/QFFGngaUoU9tNY/Rm2CbeCkuRVwC2f4bq1C0AuuZssCfOhemjMpMkRtDQ/L 7c846BEYIlg2iwwjA3nrwZZCsiM/bv1UglKPGyRmoMKaH1P4CeSMsAhu5Z75c1YaxEevaHzhK W1IvXujdTXmmXPXThMzD/rBjDBSzw== X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The logic of subnet comparison is broken. E.g. if the blue netmask is 255.255.255.0, it's impossible to add a VPN subnet with the same netmask. The proposed patch compares the subnets individually. --- html/cgi-bin/proxy.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index ea3b41126..4993dde86 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3066,8 +3066,8 @@ END @temp = split(/\//); chomp $temp[1]; if ( - ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsettings{'GREEN_NETMASK'}) && - ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsettings{'BLUE_NETMASK'}) + (($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) && + (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] ne $netsettings{'BLUE_NETMASK'})) ) { print FILE " ||\n (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";