authorjim-p <jimp@pfsense.org>2012-02-14 12:00:55 -0500
committerjim-p <jimp@pfsense.org>2012-02-14 12:00:55 -0500
commit50e6e274d921779faf056c4f100b5e2ce6c741be (patch)
treea07efeb773b0b1c8279ce444bf6ab8fbebcbe0a9 /etc/inc/vpn.inc
parent009685b8cc70c98f5d9180075cfde5e9aa264d48 (diff)
Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r--etc/inc/vpn.inc9
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index ff4482c..b2f9e1e 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -649,6 +649,11 @@ EOD;
if ($localid_type != "address") {
$localid_type = "subnet";
}
+ // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
+ if (!is_subnet($localid_data)) {
+ log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet.");
+ continue;
+ }
$localid_spec = $localid_type." ".$localid_data." any";
}
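Review bot: The added `log_error()` message says the entry "has no subnet", but the guard `!is_subnet($localid_data)` rejects any value that fails validation, not only an empty one, and the message omits the rejected value. Including it, for example `... - {$ph2ent['localid']['type']} has an invalid or empty subnet \"{$localid_data}\".`, would let an operator tell a missing interface subnet from a malformed one. The `continue` also drops the whole phase 2 from racoon.conf with only a log line, so that network is presumably no longer covered by the tunnel; whether its traffic then leaves unencrypted depends on routing and firewall rules not visible here. The enclosing loop and the `else` branch start outside the hunk.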
@@ -820,6 +825,10 @@ EOD;
$localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
$remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
+ // Error will be logged above, no need to log this twice. #2201
+ if (!is_subnet($localid))
+ continue;
+
if($ph2ent['mode'] == "tunnel") {
$spdconf .= "spdadd {$localid} {$remoteid} any -P out ipsec " .
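Review bot: Only `$localid` is validated before the `spdadd` lines are built; `$remoteid` comes from the same `ipsec_idinfo_to_cidr()` call one line earlier and is interpolated into `spdadd {$localid} {$remoteid} any ...` unchecked, so an empty remote network could presumably produce the same kind of malformed SPD line. Consider `if (!is_subnet($localid) || !is_subnet($remoteid)) { continue; }`, with braces to match the first hunk, unless the remote ID is already validated in code outside this hunk. The comment "Error will be logged above" holds only if every entry reaching this point also passed through the first hunk's check; that check appears to sit inside a conditional branch (its closing `}` is visible), so entries taking the other path would be skipped here without any log. The `spdadd` statement and the surrounding loop continue outside the hunk.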