authorChris Buechler <cmb@pfsense.org>2014-11-28 19:17:18 -0600
committerChris Buechler <cmb@pfsense.org>2014-11-28 19:17:18 -0600
commita96dc32e35766aa6c0788154a2b246bb76b252c2 (patch)
treee8c9a37c89135e8cc2646c1373efb57729716236
parent5a663a5d56e019ab09750c1040aec832fdd4e480 (diff)
downloadpfsense-a96dc32e35766aa6c0788154a2b246bb76b252c2.zip
pfsense-a96dc32e35766aa6c0788154a2b246bb76b252c2.tar.gz
Add input validation on vpn_ipsec_settings.php. Fixes #4052.
-rw-r--r--etc/inc/ipsec.inc2
-rw-r--r--usr/local/www/vpn_ipsec_settings.php58
2 files changed, 58 insertions, 2 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 7d3dd81..8c0d11f 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -39,7 +39,7 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
- "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib");
+ "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSwan Lib");
$my_identifier_list = array(
'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 216825d..c753048 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -55,7 +55,63 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
-
+
+ if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Daemon debug.";
+ }
+ if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for SA Manager debug.";
+ }
+ if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE Child SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Job Processing debug.";
+ }
+ if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Configuration backend debug.";
+ }
+ if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Kernel Interface debug.";
+ }
+ if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Networking debug.";
+ }
+ if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for ASN Encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Message encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity checker debug.";
+ }
+ if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
+ }
+ if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
+ }
+ if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for TLS Handler debug.";
+ }
+ if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
+ }
+ if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
+ }
+ if (isset($pconfig['maxmss'])) {
+ if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
+ $input_errors[] = "An integer must be specified for Maximum MSS.";
+ }
+ if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
+ $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ }
+
if (!$input_errors) {
if($_POST['preferoldsa_enable'] == "yes")
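Review bot: The Maximum MSS range test `if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)` depends on operator precedence: `&&` binds tighter than `||`, so the empty-string guard covers only the lower bound and the upper-bound comparison runs on every submitted value. It also runs in addition to the `is_numericint()` check rather than after it passes, so a non-integer value is compared loosely against the bounds and will probably add two error messages. Nesting the range test under the integer check, with braces like the other added checks, makes the intent explicit and means the validation ahead of `if (!$input_errors)` no longer relies on loose string-to-number comparison. The sixteen `in_array()` checks are left as they are; the enclosing `if ($_POST)` block starts and ends outside the hunk.

```php
// … unchanged: the sixteen ipsec_* debug level checks …
if (isset($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
	if (!is_numericint($pconfig['maxmss'])) {
		$input_errors[] = "An integer must be specified for Maximum MSS.";
	} elseif ($pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) {
		$input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
	}
}
```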