author | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:17:18 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:17:18 -0600 |
commit | a96dc32e35766aa6c0788154a2b246bb76b252c2 (patch) | |
tree | e8c9a37c89135e8cc2646c1373efb57729716236 | |
parent | 5a663a5d56e019ab09750c1040aec832fdd4e480 (diff) | |
Add input validation on vpn_ipsec_settings.php. Fixes #4052.
-rw-r--r-- | etc/inc/ipsec.inc | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 58 |
2 files changed, 58 insertions, 2 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 7d3dd81..8c0d11f 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -39,7 +39,7 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE "job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface", "net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding", "imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service", - "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib"); + "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSwan Lib"); $my_identifier_list = array( 'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ), diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 216825d..c753048 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php 
@@ -55,7 +55,63 @@ if ($_POST) {
 unset($input_errors);
 $pconfig = $_POST;
-
+
+ if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Daemon debug.";
+ }
+ if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for SA Manager debug.";
+ }
+ if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE Child SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Job Processing debug.";
+ }
+ if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Configuration backend debug.";
+ }
+ if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Kernel Interface debug.";
+ }
+ if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Networking debug.";
+ }
+ if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for ASN Encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Message encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity checker debug.";
+ }
+ if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
+ }
+ if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
+ }
+ if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for TLS Handler debug.";
+ }
+ if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
+ }
+ if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
+ }
+ if (isset($pconfig['maxmss'])) {
+ if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
+ $input_errors[] = "An integer must be specified for Maximum MSS.";
+ }
+ if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
+ $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ }
+
 if (!$input_errors) {
 if($_POST['preferoldsa_enable'] == "yes")
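Review bot: The Maximum MSS range test `$pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535` relies on `&&` binding tighter than `||`, so the empty-string guard covers only the lower bound. The upper-bound comparison then runs on whatever was posted, and the outcome for empty or non-numeric input depends on PHP's loose string-to-number comparison; a non-integer value can also collect both error messages. Running the range check only once the integer check has passed makes the intent explicit: `if (is_numericint($pconfig['maxmss']) && ($pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)) {`, with braces around the body (this assumes `is_numericint()` accepts only plain integer strings; its definition is not in the hunk). Separately, the sixteen identical `in_array()` blocks could be one loop over the keys of `$ipsec_loglevels` from `etc/inc/ipsec.inc`, if that array is in scope here, so a future log category cannot be added without its whitelist check. The enclosing `if ($_POST)` block continues past the end of the hunk.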