diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:17:18 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:17:18 -0600 |
commit | a96dc32e35766aa6c0788154a2b246bb76b252c2 (patch) | |
tree | e8c9a37c89135e8cc2646c1373efb57729716236 /usr/local/www/vpn_ipsec_settings.php | |
parent | 5a663a5d56e019ab09750c1040aec832fdd4e480 (diff) | |
download | pfsense-a96dc32e35766aa6c0788154a2b246bb76b252c2.zip pfsense-a96dc32e35766aa6c0788154a2b246bb76b252c2.tar.gz |
Add input validation on vpn_ipsec_settings.php. Fixes #4052.
Diffstat (limited to 'usr/local/www/vpn_ipsec_settings.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_settings.php | 58 |
1 files changed, 57 insertions, 1 deletions
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php index 216825d..c753048 100644 --- a/usr/local/www/vpn_ipsec_settings.php +++ b/usr/local/www/vpn_ipsec_settings.php @@ -55,7 +55,63 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - + + if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Daemon debug."; + } + if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for SA Manager debug."; + } + if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for IKE SA debug."; + } + if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for IKE Child SA debug."; + } + if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Job Processing debug."; + } + if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Configuration backend debug."; + } + if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Kernel Interface debug."; + } + if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Networking debug."; + } + if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for ASN Encoding debug."; + } + if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Message encoding debug."; + } + if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Integrity checker debug."; + } + if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Integrity Verifier debug."; + } + if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for Platform Trust Service debug."; + } + if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for TLS Handler debug."; + } + if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for IPsec Traffic debug."; + } + if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) { + $input_errors[] = "A valid value must be specified for StrongSwan Lib debug."; + } + if (isset($pconfig['maxmss'])) { + if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') { + $input_errors[] = "An integer must be specified for Maximum MSS."; + } + if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) + $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS"; + } + if (!$input_errors) { if($_POST['preferoldsa_enable'] == "yes") |