diff options
author | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:33:30 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2014-11-28 19:33:30 -0600 |
commit | c5cd9b7503ba439f215a454d45516f13a79d3746 (patch) | |
tree | 540f806e3ac24e22b9fcb8c3de86bf86878305ef /usr/local | |
parent | a96dc32e35766aa6c0788154a2b246bb76b252c2 (diff) | |
download | pfsense-c5cd9b7503ba439f215a454d45516f13a79d3746.zip pfsense-c5cd9b7503ba439f215a454d45516f13a79d3746.tar.gz |
validate MTU and MSS as integers, and don't allow MSS larger than pf will accept to avoid broken rulesets.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/interfaces.php | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index c044ea7..0d4535e 100644 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -716,6 +716,8 @@ if ($_POST['apply']) { if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac']))) $input_errors[] = gettext("A valid MAC address must be specified."); if ($_POST['mtu']) { + if (!is_numericint($_POST['mtu'])) + $input_errors[] = "MTU must be an integer."; if (substr($wancfg['if'], 0, 3) == 'gif') { $min_mtu = 1280; $max_mtu = 8192; @@ -725,7 +727,7 @@ if ($_POST['apply']) { } if ($_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu) - $input_errors[] = sprintf(gettext("The MTU must be from %d to %d bytes."), $min_mtu, $max_mtu); + $input_errors[] = sprintf(gettext("The MTU must be between %d and %d bytes."), $min_mtu, $max_mtu); unset($min_mtu, $max_mtu); @@ -751,12 +753,13 @@ if ($_POST['apply']) { continue; if (isset($ifdata['mtu']) && $ifdata['mtu'] > $_POST['mtu']) - $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a bigger value"), $ifdata['descr']); + $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a larger value"), $ifdata['descr']); } } } - if ($_POST['mss'] && ($_POST['mss'] < 576)) - $input_errors[] = gettext("The MSS must be greater than 576 bytes."); + if ($_POST['mss'] <> '') + if (!is_numericint($_POST['mss']) || ($_POST['mss'] < 576 || $_POST['mss'] > 65535)) + $input_errors[] = gettext("The MSS must be an integer between 576 and 65535 bytes."); /* Wireless interface? */ if (isset($wancfg['wireless'])) { $reqdfields = array("mode"); |