diff options
author | Ermal <eri@pfsense.org> | 2014-04-07 09:06:04 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-04-07 09:06:04 +0000 |
commit | a7ee038bce3d47c3e51409b3775b617319c3a4fd (patch) | |
tree | a70a823321204809dba4bec62df7387262207b61 /etc | |
parent | 39f3d843dc3a22fb176b9c81568318c872f851cd (diff) | |
download | pfsense-a7ee038bce3d47c3e51409b3775b617319c3a4fd.zip pfsense-a7ee038bce3d47c3e51409b3775b617319c3a4fd.tar.gz |
Put the fix to be more generic to prevent any other leak possible in the long run. Fixes #3062
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 3ea2f52..6c00fdf 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -1882,8 +1882,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut else captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - REUSING IP {$cpentry[2]} WITH DIFFERENT MAC ADDRESS {$cpentry[3]}"); $sessionid = $cpentry[5]; - /* Release unused pipe number */ - captiveportal_free_dn_ruleno($pipeno); break; } elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpentry[4] == $username)) { @@ -2010,8 +2008,13 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED"); } } - } else + } else { + /* NOTE: #3062-11 If the pipeno has been allocated free it to not DoS the CP and maintain proper operation as in radius() case */ + if (!is_null($pipeno)) + captiveportal_free_dn_ruleno($pipeno); + unlock($cpdblck); + } if ($writecfg == true) write_config(); |