author | jim-p <jimp@pfsense.org> | 2017-01-04 14:10:18 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-01-04 14:10:18 -0500 |
commit | d66cfa3d2a0dec1c30931aa9a3b8458069eb373e (patch) | |
tree | 0f9d786ab2fa8351bce3aad0fff99259c95ba783 /src/usr/local/www/vpn_openvpn_server.php | |
parent | c73367d281da3f894ed9e8c042ac03b8d7864340 (diff) | |
Validate the submitted Encryption Algorithm and NCP Algorithm list. Ticket #7072
Diffstat (limited to 'src/usr/local/www/vpn_openvpn_server.php')
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 8fd8438..4c9ae64 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -265,6 +265,11 @@ if ($_POST) {
 $vpnid = 0;
 }
 
+ $cipher_validation_list = array_keys(openvpn_get_cipherlist());
+ if (!in_array($pconfig['crypto'], $cipher_validation_list)) {
+ $input_errors[] = gettext("The selected Encryption Algorithm is not valid.");
+ }
+
 list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']);
 if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) {
 $input_errors[] = gettext("Protocol and IP address families do not match. An IPv6 protocol and an IPv4 IP address cannot be selected.");
@@ -423,6 +428,12 @@ if ($_POST) {
 $input_errors[] = gettext("The specified ECDH Curve is invalid.");
 }
 
+ foreach ($pconfig['ncp-ciphers'] as $ncpc) {
+ if (!in_array($ncpc, $cipher_validation_list)) {
+ $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid.");
+ }
+ }
+
 $reqdfields = explode(" ", "caref certref");
 $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate"));
 } elseif (!$pconfig['autokey_enable']) { |
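Review bot: The allow-list check on `$pconfig['crypto']` in the first hunk relies on PHP's loose comparison, so whether a submitted value passes depends on type juggling rather than on it being exactly one of the cipher names. Pass the strict flag, `if (!in_array($pconfig['crypto'], $cipher_validation_list, true)) {`, so that a missing field or an array-valued `crypto` parameter is rejected outright. The same applies to the `in_array($ncpc, $cipher_validation_list)` call in the second hunk. Strict matching assumes the keys returned by `openvpn_get_cipherlist()` are cipher-name strings (`array_keys()` would yield integers for purely numeric keys); that function is not visible here, and the enclosing `if ($_POST)` block starts and ends outside the hunk.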
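Review bot: The `foreach` over `$pconfig['ncp-ciphers']` in the second hunk only validates when that field is an array; if it is absent or submitted as a scalar, PHP raises a warning, the loop body never runs, and no input error is recorded, so the value continues unchecked to whatever later code stores it. The loop also appends the same message once per invalid entry, which shows duplicate errors to the user. A single set comparison covers both cases: `if (array_diff((array)$pconfig['ncp-ciphers'], $cipher_validation_list)) { $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); }`. Note that `$cipher_validation_list` is assigned in the first hunk, well before this branch, and the enclosing branch starts and ends outside the hunk; a short comment such as `// $cipher_validation_list is built near the top of the POST handler` would help the next reader.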