Bug #5720
closed
4 minor possible bugs - can someone review?
100%
Description
(Also noted as possible issues on Github, PR #2340)
In looking at redmine #5702 / PR #2340, I found 4 minor possible validation/range issues in related code. Can someone check these and see if they are ok or need fixing?
1) src/usr/local/www/vpn_l2tp.php
no validation of $_POST['n_l2tp_units'] being an integer, before relying on it in calculations?
2) src/usr/local/www/services_pppoe_edit.php
no validation of $_POST['pppoe_subnet'] being an integer, before relying on it in calculations?
3+4) src/usr/local/www/services_dhcp.php
Line 428: is the logic right? If the input range contains a pool range, then the start and end won't be in the pool range but surely it should still give an error? Should the logic here be:
if ((TEST_START > POOL_END) || (TEST_END < POOL_START)) {ok} else {bad}
Line 447-8: should the test be <= and >=, not < and >, if checking for an overlap?
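The two kinds of check raised in items 1 to 4, as an added PHP example that is not pfSense code and not part of the original report: strict integer validation of a POST value, and an interval overlap test compared with an endpoint-only test. The function names, the 1-255 bounds and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added illustration. All names, bounds and addresses are constructed.

// Accept a form value only if it is a whole number inside [min, max].
// Rejects "16abc", "1e3", arrays and missing fields; returns null on failure.
function post_int($value, int $min, int $max): ?int {
    $r = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $r === false ? null : $r;
}

// Dotted-quad IPv4 to integer (assumes 64-bit PHP, where ip2long is non-negative).
function ip_to_int(string $ip): int {
    $n = ip2long($ip);
    if ($n === false) {
        throw new InvalidArgumentException("not an IPv4 address: $ip");
    }
    return $n;
}

// Endpoint-only test: a conflict is seen only when the start or the end of
// the tested range lies inside the pool. A range that contains the pool passes.
function endpoint_in_pool(int $ts, int $te, int $ps, int $pe): bool {
    return ($ts >= $ps && $ts <= $pe) || ($te >= $ps && $te <= $pe);
}

// Interval test from the report: two inclusive ranges are disjoint only when
// one lies wholly after or wholly before the other; anything else overlaps.
function ranges_overlap(int $ts, int $te, int $ps, int $pe): bool {
    return !($ts > $pe || $te < $ps);
}

foreach (['16', '16abc', '1e3', ['x']] as $raw) {
    printf("%-8s -> %s\n", json_encode($raw), var_export(post_int($raw, 1, 255), true));
}

$ps = ip_to_int('192.168.1.100');   // constructed pool start
$pe = ip_to_int('192.168.1.150');   // constructed pool end
$cases = [
    'contains pool'  => ['192.168.1.50',  '192.168.1.200'],
    'shares .150'    => ['192.168.1.150', '192.168.1.160'],
    'fully disjoint' => ['192.168.1.10',  '192.168.1.20'],
];
foreach ($cases as $label => [$s, $e]) {
    $ts = ip_to_int($s);
    $te = ip_to_int($e);
    printf("%-15s endpoint=%s overlap=%s\n", $label,
        var_export(endpoint_in_pool($ts, $te, $ps, $pe), true),
        var_export(ranges_overlap($ts, $te, $ps, $pe), true));
}
```

The "contains pool" row is the case where the two tests disagree, and the "shares .150" row is the boundary case that strict `<` and `>` comparisons would not report.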