diff options
author | Ermal <eri@pfsense.org> | 2013-01-24 09:57:22 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-24 09:57:22 +0000 |
commit | 0e22dda58ddc010d12126ed6af6589ff76d03043 (patch) | |
tree | e7396e447b3f7cb6e4582df870f4f022af9c3bf8 /usr/local/www | |
parent | 7309ff3915c58fd664618f01a91dbe8ac9dd2526 (diff) | |
download | pfsense-0e22dda58ddc010d12126ed6af6589ff76d03043.zip pfsense-0e22dda58ddc010d12126ed6af6589ff76d03043.tar.gz |
Put some more sanity checking for various interface configurations
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/interfaces_bridge.php | 6 | ||||
-rw-r--r-- | usr/local/www/interfaces_bridge_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/interfaces_gif.php | 6 | ||||
-rw-r--r-- | usr/local/www/interfaces_gif_edit.php | 4 | ||||
-rw-r--r-- | usr/local/www/interfaces_gre.php | 6 | ||||
-rw-r--r-- | usr/local/www/interfaces_lagg.php | 6 | ||||
-rw-r--r-- | usr/local/www/interfaces_lagg_edit.php | 15 | ||||
-rwxr-xr-x | usr/local/www/interfaces_vlan.php | 6 | ||||
-rwxr-xr-x | usr/local/www/interfaces_vlan_edit.php | 3 |
9 files changed, 46 insertions, 8 deletions
diff --git a/usr/local/www/interfaces_bridge.php b/usr/local/www/interfaces_bridge.php index 44a21d5..986cd27 100644 --- a/usr/local/www/interfaces_bridge.php +++ b/usr/local/www/interfaces_bridge.php @@ -59,8 +59,12 @@ function bridge_inuse($num) { } if ($_GET['act'] == "del") { + if (!isset($_GET['id'])) + $input_errors[] = getext("Wrong parameters supplied"); + else if (empty($a_bridges[$_GET['id']])) + $input_errors[] = getext("Wrong index supplied"); /* check if still in use */ - if (bridge_inuse($_GET['id'])) { + else if (bridge_inuse($_GET['id'])) { $input_errors[] = gettext("This bridge cannot be deleted because it is assigned as an interface."); } elseif (!does_interface_exist($a_bridges[$_GET['id']]['bridgeif'])) { $input_errors[] = gettext("Invalid bridge interface."); diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php index e572e45..c777d0b 100644 --- a/usr/local/www/interfaces_bridge_edit.php +++ b/usr/local/www/interfaces_bridge_edit.php @@ -150,6 +150,8 @@ if ($_POST) { if (is_array($_POST['members'])) { foreach($_POST['members'] as $ifmembers) { + if (empty($config['interfaces'][$ifmembers])) + $input_errors[] = gettext("A member interface passed does not exist in configuration"); if (is_array($config['interfaces'][$ifmembers]['wireless']) && $config['interfaces'][$ifmembers]['wireless']['mode'] != "hostap") $input_errors[] = gettext("Bridging a wireless interface is only possible in hostap mode."); diff --git a/usr/local/www/interfaces_gif.php b/usr/local/www/interfaces_gif.php index 415c50a..ed6b41b 100644 --- a/usr/local/www/interfaces_gif.php +++ b/usr/local/www/interfaces_gif.php @@ -59,8 +59,12 @@ function gif_inuse($num) { } if ($_GET['act'] == "del") { + if (!isset($_GET['id'])) + $input_errors[] = getext("Wrong parameters supplied"); + else if (empty($a_gifs[$_GET['id']])) + $input_errors[] = getext("Wrong index supplied"); /* check if still in use */ - if (gif_inuse($_GET['id'])) { + else if (gif_inuse($_GET['id'])) { $input_errors[] = gettext("This gif TUNNEL cannot be deleted because it is still being used as an interface."); } else { mwexec("/sbin/ifconfig " . $a_gifs[$_GET['id']]['gifif'] . " destroy"); diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index ea1d3d3..f12f917 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -80,7 +80,7 @@ if ($_POST) { (!is_ipaddr($_POST['remote-addr']))) { $input_errors[] = gettext("The tunnel local and tunnel remote fields must have valid IP addresses."); } - + $alias = strstr($_POST['if'],'|'); if ((is_ipaddrv4($alias) && !is_ipaddrv4($_POST['remote-addr'])) || (is_ipaddrv6($alias) && !is_ipaddrv6($_POST['remote-addr']))) @@ -91,7 +91,7 @@ if ($_POST) { continue; /* FIXME: needs to perform proper subnet checks in the feature */ - if (($gif['if'] == strtok($_POST['if'],'|')) && ($gif['tunnel-remote-addr'] == $_POST['tunnel-remote-addr'])) { + if (($gif['if'] == $interface && ($gif['tunnel-remote-addr'] == $_POST['tunnel-remote-addr'])) { $input_errors[] = sprintf(gettext("A gif with the network %s is already defined."), $gif['tunnel-remote-addr']); break; } diff --git a/usr/local/www/interfaces_gre.php b/usr/local/www/interfaces_gre.php index 0cb8cd7..e4e3954 100644 --- a/usr/local/www/interfaces_gre.php +++ b/usr/local/www/interfaces_gre.php @@ -60,8 +60,12 @@ function gre_inuse($num) { } if ($_GET['act'] == "del") { + if (!isset($_GET['id'])) + $input_errors[] = getext("Wrong parameters supplied"); + else if (empty($a_gres[$_GET['id']])) + $input_errors[] = getext("Wrong index supplied"); /* check if still in use */ - if (gre_inuse($_GET['id'])) { + else if (gre_inuse($_GET['id'])) { $input_errors[] = gettext("This GRE tunnel cannot be deleted because it is still being used as an interface."); } else { mwexec("/sbin/ifconfig " . $a_gres[$_GET['id']]['greif'] . " destroy"); diff --git a/usr/local/www/interfaces_lagg.php b/usr/local/www/interfaces_lagg.php index fccb60f..51dbfe0 100644 --- a/usr/local/www/interfaces_lagg.php +++ b/usr/local/www/interfaces_lagg.php @@ -65,8 +65,12 @@ function lagg_inuse($num) { } if ($_GET['act'] == "del") { + if (!isset($_GET['id'])) + $input_errors[] = getext("Wrong parameters supplied"); + else if (empty($a_laggs[$_GET['id']])) + $input_errors[] = getext("Wrong index supplied"); /* check if still in use */ - if (lagg_inuse($_GET['id'])) { + else if (lagg_inuse($_GET['id'])) { $input_errors[] = gettext("This LAGG interface cannot be deleted because it is still being used."); } else { mwexec_bg("/sbin/ifconfig " . $a_laggs[$_GET['id']]['laggif'] . " destroy"); diff --git a/usr/local/www/interfaces_lagg_edit.php b/usr/local/www/interfaces_lagg_edit.php index 5c2a181..3c6ee5a 100644 --- a/usr/local/www/interfaces_lagg_edit.php +++ b/usr/local/www/interfaces_lagg_edit.php @@ -62,6 +62,8 @@ $checklist = get_configured_interface_list(false, true); foreach ($checklist as $tmpif) $realifchecklist[get_real_interface($tmpif)] = $tmpif; +$laggprotos = array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin"); + $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -87,6 +89,17 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if (is_array($_POST['members'])) { + foreach ($_POST['members'] as $member) { + if (!does_interface_exist($_POST['members'])) + $input_errors[] = gettext("Interface supplied as member is invalid"); + } + } else if (!does_interface_exist($_POST['members'])) + $input_errors[] = gettext("Interface supplied as member is invalid"); + + if (!in_array($_POST['proto'], $laggprotos)) + $input_errors[] = gettext("Protocol supplied is invalid"); + if (!$input_errors) { $lagg = array(); $lagg['members'] = implode(',', $_POST['members']); @@ -154,7 +167,7 @@ include("head.inc"); <td class="vtable"> <select name="proto" class="formselect" id="proto"> <?php - foreach (array("none", "lacp", "failover", "fec", "loadbalance", "roundrobin") as $proto) { + foreach ($laggprotos as $proto) { echo "<option value=\"{$proto}\""; if ($proto == $pconfig['proto']) echo "selected"; diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php index dadeb07..46f10cc 100755 --- a/usr/local/www/interfaces_vlan.php +++ b/usr/local/www/interfaces_vlan.php @@ -60,8 +60,12 @@ function vlan_inuse($num) { } if ($_GET['act'] == "del") { + if (!isset($_GET['id'])) + $input_errors[] = getext("Wrong parameters supplied"); + else if (empty($a_vlans[$_GET['id']])) + $input_errors[] = getext("Wrong index supplied"); /* check if still in use */ - if (vlan_inuse($_GET['id'])) { + else if (vlan_inuse($_GET['id'])) { $input_errors[] = gettext("This VLAN cannot be deleted because it is still being used as an interface."); } elseif (!does_interface_exist($a_vlans[$_GET['id']]['vlanif'])) { $input_errors[] = gettext("Invalid VLAN interface."); diff --git a/usr/local/www/interfaces_vlan_edit.php b/usr/local/www/interfaces_vlan_edit.php index bed4be8..25b7b56 100755 --- a/usr/local/www/interfaces_vlan_edit.php +++ b/usr/local/www/interfaces_vlan_edit.php @@ -80,6 +80,9 @@ if ($_POST) { $input_errors[] = gettext("The VLAN tag must be an integer between 1 and 4094."); } + if (!does_interface_exist($_POST['if'])) + $input_errors[] = gettext("Interface supplied as parent is invalid"); + foreach ($a_vlans as $vlan) { if (isset($id) && ($a_vlans[$id]) && ($a_vlans[$id] === $vlan)) continue; |