Fix OpenVPN server port validation to disallow "0". 0 is still OK for client port, which is the same meaning as blank/empty. Fixes #7565

2 files changed, 7 insertions, 4 deletions

diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 63ceaa2..ee56e49 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -509,10 +509,13 @@ function openvpn_validate_host($value, $name) {
 	return false;
 }
 
-function openvpn_validate_port($value, $name) {
+function openvpn_validate_port($value, $name, $first_port = 0) {
 	$value = trim($value);
-	if (empty($value) || !is_numeric($value) || $value < 0 || ($value > 65535)) {
-		return sprintf(gettext("The field '%s' must contain a valid port, ranging from 0 to 65535."), $name);
+	if (!is_numeric($first_port)) {
+		$first_port = 0;
+	}
+	if (empty($value) || !is_numeric($value) || $value < $first_port || ($value > 65535)) {
+		return sprintf(gettext("The field '%s' must contain a valid port, ranging from {$first_port} to 65535."), $name);
 	}
 	return false;
 }
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php
index 910b632..5416b70 100644
--- a/src/usr/local/www/vpn_openvpn_server.php
+++ b/src/usr/local/www/vpn_openvpn_server.php
@@ -295,7 +295,7 @@ if ($_POST['save']) {
 	}
 
 	/* input validation */
-	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
+	if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port', 1)) {
 		$input_errors[] = $result;
 	}