From a96dc32e35766aa6c0788154a2b246bb76b252c2 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 28 Nov 2014 19:17:18 -0600
Subject: Add input validation on vpn_ipsec_settings.php. Fixes #4052.

---
 etc/inc/ipsec.inc                    |  2 +-
 usr/local/www/vpn_ipsec_settings.php | 58 +++++++++++++++++++++++++++++++++++-
 2 files changed, 58 insertions(+), 2 deletions(-)

diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 7d3dd81..8c0d11f 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -39,7 +39,7 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
 	"job" => "Job Processing", "cfg" => "Configuration backend", "knl" => "Kernel Interface",
 	"net" => "Networking", "asn" => "ASN encoding", "enc" => "Message encoding",
 	"imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service",
-	"tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSWAN Lib");
+	"tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSwan Lib");
 
 $my_identifier_list = array(
 	'myaddress' => array( 'desc' => gettext('My IP address'), 'mobile' => true ),
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 216825d..c753048 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -55,7 +55,63 @@ if ($_POST) {
 
 	unset($input_errors);
 	$pconfig = $_POST;
-
+	
+	if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Daemon debug.";
+	}
+	if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for SA Manager debug.";
+	}
+	if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IKE SA debug.";
+	}
+	if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IKE Child SA debug.";
+	}
+	if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Job Processing debug.";
+	}
+	if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Configuration backend debug.";
+	}
+	if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Kernel Interface debug.";
+	}
+	if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Networking debug.";
+	}
+	if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for ASN Encoding debug.";
+	}
+	if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Message encoding debug.";
+	}
+	if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Integrity checker debug.";
+	}
+	if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
+	}
+	if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
+	}
+	if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for TLS Handler debug.";
+	}
+	if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
+	}
+	if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
+		$input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
+	}
+	if (isset($pconfig['maxmss'])) {
+		if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
+			$input_errors[] = "An integer must be specified for Maximum MSS.";
+		}
+		if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
+			$input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";	
+	}
+	
 	if (!$input_errors) {
 
 		if($_POST['preferoldsa_enable'] == "yes")
-- 
cgit v1.1