diff options
| author | Chris Buechler <cmb@pfsense.org> | 2015-03-12 16:48:36 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2015-03-12 16:48:36 -0500 |
| commit | bda6c6bf4f304cee0b0cd99d51fc813b06ae76b4 (patch) | |
| tree | e4b4e3f4901fc20eb692140ba8d3a6accfc214aa | |
| parent | b00b6c066c5f7c553bcd1d0cf69aa28d0e1106dd (diff) | |
| download | pfsense-bda6c6bf4f304cee0b0cd99d51fc813b06ae76b4.zip pfsense-bda6c6bf4f304cee0b0cd99d51fc813b06ae76b4.tar.gz | |
Add more input validation for wireless parameters. Ticket #4516
| -rw-r--r-- | usr/local/www/interfaces.php | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index c5b39ec..b52a44a 100644 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -771,9 +771,45 @@ if ($_POST['apply']) { if ($_POST['mode'] == 'hostap') { $reqdfields[] = "ssid"; $reqdfieldsn[] = gettext("SSID"); + if (stristr($_POST['standard'], '11n')) { + if (!($_POST['wme_enable'])) { + $input_errors[] = gettext("802.11n standards require enabling WME."); + } + } } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); check_wireless_mode(); + if (isset($_POST['wpa_group_rekey']) && (!is_numericint($_POST['wpa_group_rekey']) || $_POST['wpa_group_rekey'] < 1 || $_POST['wpa_group_rekey'] > 9999)) { + $input_errors[] = gettext("Key Rotation must be an integer between 1 and 9999."); + } + if (isset($_POST['wpa_gmk_rekey']) && (!is_numericint($_POST['wpa_gmk_rekey']) || $_POST['wpa_gmk_rekey'] < 1 || $_POST['wpa_gmk_rekey'] > 9999)) { + $input_errors[] = gettext("Master Key Regeneration must be an integer between 1 and 9999."); + } + if (isset($_POST['wpa_group_rekey']) && isset($_POST['wpa_gmk_rekey'])) { + if ($_POST['wpa_group_rekey'] > $_POST['wpa_gmk_rekey']) { + $input_errors[] = gettext("Master Key Regeneration must be greater than Key Rotation."); + } + } + if (!empty($_POST['auth_server_addr'])) { + if (!is_domain($_POST['auth_server_addr']) && !is_ipaddr($_POST['auth_server_addr'])) { + $input_errors[] = gettext("802.1X Authentication Server must be an IP or hostname."); + } + } + if (!empty($_POST['auth_server_addr2'])) { + if (!is_domain($_POST['auth_server_addr2']) && !is_ipaddr($_POST['auth_server_addr2'])) { + $input_errors[] = gettext("Secondary 802.1X Authentication Server must be an IP or hostname."); + } + } + if (!empty($_POST['auth_server_port'])) { + if (!is_port($_POST['auth_server_port'])) { + $input_errors[] = gettext("802.1X Authentication Server Port must be a valid port number (1-65535)."); + } + } + if (!empty($_POST['auth_server_port2'])) { + if (!is_port($_POST['auth_server_port2'])) { + $input_errors[] = gettext("Secondary 802.1X Authentication Server Port must be a valid port number (1-65535)."); + } + } /* loop through keys and enforce size */ for ($i = 1; $i <= 4; $i++) { if ($_POST['key' . $i]) { |
