Add input validation on vpn_ipsec_settings.php. Fixes #4052.

1 files changed, 57 insertions, 1 deletions

diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 216825d..c753048 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -55,7 +55,63 @@ if ($_POST) {
 
 	unset($input_errors);
 	$pconfig = $_POST;
-
+	
+	if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Daemon debug.";
+	}
+	if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for SA Manager debug.";
+	}
+	if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IKE SA debug.";
+	}
+	if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IKE Child SA debug.";
+	}
+	if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Job Processing debug.";
+	}
+	if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Configuration backend debug.";
+	}
+	if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Kernel Interface debug.";
+	}
+	if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Networking debug.";
+	}
+	if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for ASN Encoding debug.";
+	}
+	if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Message encoding debug.";
+	}
+	if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Integrity checker debug.";
+	}
+	if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
+	}
+	if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
+	}
+	if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for TLS Handler debug.";
+	}
+	if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
+	}
+	if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
+	}
+	if (isset($pconfig['maxmss'])) {
+		if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
+			$input_errors[] = "An integer must be specified for Maximum MSS.";
+		}
+		if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
+			$input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";	
+	}
+	
 	if (!$input_errors) {
 
 		if($_POST['preferoldsa_enable'] == "yes")