diff options
author | smos <seth.mos@dds.nl> | 2011-02-21 13:29:42 +0100 |
---|---|---|
committer | smos <seth.mos@dds.nl> | 2011-02-21 13:29:42 +0100 |
commit | 71e91e500db136b4cadd51c4c2ad4fd4f9a5dd04 (patch) | |
tree | fe7207d48cacf68e719f5988e7e4a677939e8355 /etc | |
parent | 621a459aecf34cb3f53bc9f8a688cc1b820d6b7f (diff) | |
download | pfsense-71e91e500db136b4cadd51c4c2ad4fd4f9a5dd04.zip pfsense-71e91e500db136b4cadd51c4c2ad4fd4f9a5dd04.tar.gz |
Add more safeguards and IP address checks
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/vpn.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index ac5b85d..624098d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -814,7 +814,7 @@ EOD; continue; $rgip = $rgmap[$ph1ent['remote-gateway']]; - if(!$rgip) + if(!is_ipaddr($rgip)) continue; $localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true); @@ -847,7 +847,7 @@ EOD; else $parentinterface = $ph1ent['interface']; - if ($parentinterface <> "wan") { + if (($parentinterface <> "wan") && (is_ipaddr($rgip))) { /* add endpoint routes to correct gateway on interface */ if (interface_has_gateway($parentinterface)) { $gatewayip = get_interface_gateway("$parentinterface"); @@ -865,7 +865,7 @@ EOD; } } } - } else { + } elseif(is_ipaddr($rgip)) { if(stristr($route_str, "{$rgip}")) { mwexec("/sbin/route delete -host {$rgip}", true); } @@ -1687,7 +1687,7 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { } else { add_hostname_to_watch($phase1['remote-gateway']); } - if (!$rgip) { + if (!is_ipaddr($rgip)) { log_error("Could not determine VPN endpoint for '{$phase1['descr']}'"); return false; } |