
Revision bfde8f08

Added by Viktor Gurov over 4 years ago

OpenVPN input validation fix. Issue #11362


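--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -462,16 +462,21 @@
 
 	/* If we are not in shared key mode, then we need the CA/Cert. */
 	if ($pconfig['mode'] != "p2p_shared_key") {
-		if (empty(trim($pconfig['certref']))) {
-			$input_errors[] = gettext("The selected certificate is not valid");
-		}
+		if ($pconfig['mode'] != "server_user") {
+			if (empty(trim($pconfig['certref']))) {
+				$input_errors[] = gettext("The selected certificate is not valid");
+			}
 
-		if (!empty($pconfig['dh_length']) && !in_array($pconfig['dh_length'], array_keys($openvpn_dh_lengths))) {
-			$input_errors[] = gettext("The specified DH Parameter length is invalid or the DH file does not exist.");
-		}
+			if (!empty($pconfig['dh_length']) && !in_array($pconfig['dh_length'], array_keys($openvpn_dh_lengths))) {
+				$input_errors[] = gettext("The specified DH Parameter length is invalid or " .
+					"the DH file does not exist.");
+			}
 
-		if (!empty($pconfig['ecdh_curve']) && !openvpn_validate_curve($pconfig['ecdh_curve'])) {
-			$input_errors[] = gettext("The specified ECDH Curve is invalid.");
+			if (!empty($pconfig['ecdh_curve']) && !openvpn_validate_curve($pconfig['ecdh_curve'])) {
+				$input_errors[] = gettext("The specified ECDH Curve is invalid.");
+			}
+			$reqdfields = explode(" ", "caref certref");
+			$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
 		}
 
 		if (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['data_ciphers']) && is_array($pconfig['data_ciphers'])) {
@@ -481,9 +486,6 @@
 				}
 			}
 		}
-
-		$reqdfields = explode(" ", "caref certref");
-		$reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
 	} elseif (!$pconfig['autokey_enable']) {
 		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
 		$reqdfields = array('shared_key');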
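Review bot: The `dh_length` allow-list check and the `openvpn_validate_curve()` check now sit inside the new `if ($pconfig['mode'] != "server_user")` guard, so in server_user mode neither posted value is validated in this block, although neither check depends on whether a certificate is selected. If those values are later written into the generated server configuration (not visible here), the guard drops input validation that the old code applied in every non-shared-key mode; I would close the guard right after the `certref` check and leave both checks at their previous nesting level. `$reqdfields` and `$reqdfieldsn` are also no longer assigned on the server_user path, so unless they are initialised above this hunk they should get an explicit value for that mode. The enclosing validation block starts and ends outside the shown hunks.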
