Bug #5720
closed
4 minor possible bugs - can someone review?
100%
Description
(Also noted as possible issues on Github, PR #2340)
In looking at redmine #5702 / PR #2340, I found 4 minor possible validation/range issues in related code. Can someone check these and see if they are ok or need fixing?
1) src/usr/local/www/vpn_l2tp.php
no validation of $_POST['n_l2tp_units'] being an integer, before relying on it in calculations?
2) src/usr/local/www/services_pppoe_edit.php
no validation of $_POST['pppoe_subnet'] being an integer, before relying on it in calculations?
3+4) src/usr/local/www/services_dhcp.php
Line 428: is the logic right? If the input range contains a pool range, then the start and end won't be in the pool range but surely it should still give an error? Should the logic here, be:
if ((TEST_START > POOL_END) || (TEST_END < POOL_START))
{ok}
else
{bad}
Line 447-8: should the test be <= and >=, not < and >, if checking for an overlap?
Updated by
Updated by Stilez y over 9 years ago
(note, Phil Davis has looked into items 3 and 4, see https://redmine.pfsense.org/issues/5722 )
Updated by Phillip Davis over 9 years ago
Items 3 and 4 - yes you are correct and I checked and found a bunch of validation things there. I raised issue https://redmine.pfsense.org/issues/5722 to help keep that nicely separated from the other things here. See that issue for the full list of validation issues I found and the PRs to fix it in RELENG_2_2 and master for 2.3.
Updated by Renato Botelho over 9 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Updated by Anonymous