author | jim-p <jimp@pfsense.org> | 2012-02-14 12:32:20 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-02-14 12:32:20 -0500 |
commit | cf0a2714c23c642d4119b2bb0e6ac887538967eb (patch) | |
tree | 0fb138a28751213bc76f13e94c90bc126649e28f /etc/inc/vpn.inc | |
parent | 846a6dc2e961784247b15960fb3116666335d586 (diff) | |
Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201
Diffstat (limited to 'etc/inc/vpn.inc')
-rw-r--r-- | etc/inc/vpn.inc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 212766e..e65708a 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -692,6 +692,11 @@ EOD; if ($localid_type != "address") { $localid_type = "subnet"; } + // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. + if (!is_subnet($localid_data)) { + log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet."); + continue; + } $localid_spec = $localid_type." ".$localid_data." any"; } @@ -871,6 +876,10 @@ EOD; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); $remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true); + // Error will be logged above, no need to log this twice. #2201 + if (!is_subnet($localid)) + continue; + if(($ph2ent['mode'] == "tunnel") or ($ph2ent['mode'] == 'tunnel6')) { if($ph2ent['mode'] == "tunnel6") $family = "-6"; |
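Review bot: The new `is_subnet($localid_data)` guard in the first hunk also runs when `$localid_type` stays `"address"`, because the context lines just above it only rewrite non-address types to `"subnet"`. If `is_subnet()` accepts only CIDR-form values (its definition is not on this page), every phase 2 with a single-address local ID would be reported as invalid and left out of racoon.conf, taking a working tunnel down. Accepting either form keeps the empty-value protection: `if (!is_ipaddr($localid_data) && !is_subnet($localid_data)) {`. The same question applies to `is_subnet($localid)` in the second hunk, depending on what `ipsec_idinfo_to_cidr(..., true)` returns for an address. The enclosing loop starts and ends outside the hunk.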
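Review bot: The bare `continue` in the second hunk drops the SPD entry without a log line, on the assumption that the racoon.conf block already reported it; that holds only if every phase 2 reaching this loop also passed through the branch patched in the first hunk, which this page does not show. A missing policy means traffic for that network is no longer selected for IPsec, so an operator should be able to find the reason in the log, e.g. `log_error("IPsec SPD skipped for \"{$ph2ent['descr']}\": invalid local subnet.");`. `$remoteid` is computed on the line above but never validated, so an empty remote network could presumably still reach the generated policy. The unbraced `if` would read better with braces, matching the first hunk. The enclosing loop starts and ends outside the hunk.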