diff options
author | jim-p <jimp@pfsense.org> | 2017-05-22 12:35:17 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-05-22 12:35:17 -0400 |
commit | 39fed386534d3e7dc6fc248cc6cdf831cf422000 (patch) | |
tree | aba0b20930e0daf5f0ab950956be0d725e153054 /src | |
parent | bc3669e4e88cb75eb987ee073a5360f4a69b10b1 (diff) | |
download | pfsense-39fed386534d3e7dc6fc248cc6cdf831cf422000.zip pfsense-39fed386534d3e7dc6fc248cc6cdf831cf422000.tar.gz |
Fix OpenVPN server port validation to disallow "0". 0 is still OK for client port, which is the same meaning as blank/empty. Fixes #7565
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/openvpn.inc | 9 | ||||
-rw-r--r-- | src/usr/local/www/vpn_openvpn_server.php | 2 |
2 files changed, 7 insertions, 4 deletions
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index 63ceaa2..ee56e49 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -509,10 +509,13 @@ function openvpn_validate_host($value, $name) { return false; } -function openvpn_validate_port($value, $name) { +function openvpn_validate_port($value, $name, $first_port = 0) { $value = trim($value); - if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535)) { - return sprintf(gettext("The field '%s' must contain a valid port, ranging from 0 to 65535."), $name); + if (!is_numeric($first_port)) { + $first_port = 0; + } + if (empty($value) || !is_numeric($value) || $value < $first_port || ($value > 65535)) { + return sprintf(gettext("The field '%s' must contain a valid port, ranging from {$first_port} to 65535."), $name); } return false; } diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 910b632..5416b70 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -295,7 +295,7 @@ if ($_POST['save']) { } /* input validation */ - if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { + if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port', 1)) { $input_errors[] = $result; } |