diff options
| author | jim-p <jimp@pfsense.org> | 2012-02-14 13:02:14 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-02-14 13:02:14 -0500 |
| commit | d8ee5cfeb59d1f80869cfaa356313e73bad17e38 (patch) | |
| tree | 8147b391bf7091cb40462fed02b3ecbbfcdb845e /usr/local | |
| parent | 50e6e274d921779faf056c4f100b5e2ce6c741be (diff) | |
| download | pfsense-d8ee5cfeb59d1f80869cfaa356313e73bad17e38.zip pfsense-d8ee5cfeb59d1f80869cfaa356313e73bad17e38.tar.gz | |
Reject an interface without a subnet as a network source in the IPsec Phase 2 GUI. Fixes ticket #2201
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 395b81e..8e5f657 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -130,6 +130,16 @@ if ($_POST) { break; } + /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ + if (is_array($config['interfaces'][$pconfig['localid_type']])) { + // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. + $address = get_interface_ip($pconfig['localid_type']); + $netbits = get_interface_subnet($pconfig['localid_type']); + + if (empty($address) || empty($netbits)) + $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); + } + switch ($pconfig['remoteid_type']) { case "network": if (($pconfig['remoteid_netbits'] != 0 && !$pconfig['remoteid_netbits']) || !is_numeric($pconfig['remoteid_netbits'])) |
