author | jim-p <jimp@pfsense.org> | 2016-12-12 15:37:27 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-12-12 15:38:25 -0500 |
commit | f24b6fb6f7c51b467eba306850cd557231dac29e (patch) | |
tree | 0cd4c3863bcd885691e43edbccddda233f661e21 | |
parent | 768037ee1f59f46b340a08d12f9c07a107d237cc (diff) | |
Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002
-rw-r--r-- | src/etc/inc/openvpn.auth-user.php | 2 | ||||
-rw-r--r-- | src/etc/inc/openvpn.inc | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php
index a3a3e37..a66ce6c 100644
--- a/src/etc/inc/openvpn.auth-user.php
+++ b/src/etc/inc/openvpn.auth-user.php
@@ -129,7 +129,7 @@ function getCalledStationId() {
 openlog("openvpn", LOG_ODELAY, LOG_AUTH);
 if (isset($_GET['username'])) {
- $authmodes = explode(",", $_GET['authcfg']);
+ $authmodes = explode(",", base64_decode($_GET['authcfg']));
 /* Any string retrieved through $_GET is automatically urlDecoded */
 $username = base64_decode($_GET['username']);
 $password = base64_decode($_GET['password']);
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 5ab3655..5fc7172 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -853,7 +853,7 @@ function openvpn_reconfigure($mode, $settings) {
 if ($settings['strictusercn']) {
 $strictusercn = "true";
 }
- $conf .= "auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify user '{$settings['authmode']}' {$strictusercn} {$mode_id} {$settings['local_port']}\" via-env\n";
+ $conf .= "auth-user-pass-verify \"/usr/local/sbin/ovpn_auth_verify user " . base64_encode($settings['authmode']) . " {$strictusercn} {$mode_id} {$settings['local_port']}\" via-env\n";
 }
 break;
 } |
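Review bot: The new `base64_decode($_GET['authcfg'])` in openvpn.auth-user.php is unchecked and non-strict, so its result goes straight into `explode()` even when the parameter is missing or damaged. Non-strict decoding silently discards characters outside the base64 alphabet, so a mangled value becomes a wrong or empty server list instead of a visible error. I would decode with `base64_decode($_GET['authcfg'], true)` and deny the login with a `syslog()` entry when the result is `false` or `''`, so a broken argument fails closed and leaves a trace in the auth log. The `if (isset($_GET['username']))` block continues past the end of the hunk, so how `$authmodes` is consumed afterwards is not visible here.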
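Review bot: `base64_encode($settings['authmode'])` in openvpn.inc can emit `+`, `/` and `=`, and a literal `+` in a URL parameter decodes to a space. The commit message and the `$_GET` comment in openvpn.auth-user.php both indicate this value ends up as a URL parameter. Unless ovpn_auth_verify percent-encodes its argument, which this page does not show, server names whose encoding contains `+` could still arrive corrupted. If the wrapper passes the value through verbatim, `rawurlencode(base64_encode($settings['authmode']))` keeps it shell-safe and lets it survive URL decoding. Dropping the single quotes is fine for the base64 alphabet, but `{$mode_id}` and `{$settings['local_port']}` are still interpolated unquoted and should be confirmed numeric where they are set; openvpn_reconfigure starts and ends outside this hunk.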