From c5cd9b7503ba439f215a454d45516f13a79d3746 Mon Sep 17 00:00:00 2001
From: Chris Buechler
Date: Fri, 28 Nov 2014 19:33:30 -0600
Subject: validate MTU and MSS as integers, and don't allow MSS larger than pf will accept to avoid broken rulesets.
---
 usr/local/www/interfaces.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index c044ea7..0d4535e 100644
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -716,6 +716,8 @@ if ($_POST['apply']) {
 if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])))
 $input_errors[] = gettext("A valid MAC address must be specified.");
 if ($_POST['mtu']) {
+ if (!is_numericint($_POST['mtu']))
+ $input_errors[] = "MTU must be an integer.";
 if (substr($wancfg['if'], 0, 3) == 'gif') {
 $min_mtu = 1280;
 $max_mtu = 8192;
@@ -725,7 +727,7 @@ if ($_POST['apply']) {
 }
 if ($_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu)
- $input_errors[] = sprintf(gettext("The MTU must be from %d to %d bytes."), $min_mtu, $max_mtu);
+ $input_errors[] = sprintf(gettext("The MTU must be between %d and %d bytes."), $min_mtu, $max_mtu);
 unset($min_mtu, $max_mtu);
@@ -751,12 +753,13 @@ if ($_POST['apply']) {
 continue;
 if (isset($ifdata['mtu']) && $ifdata['mtu'] > $_POST['mtu'])
- $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a bigger value"), $ifdata['descr']);
+ $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a larger value"), $ifdata['descr']);
 }
 }
 }
- if ($_POST['mss'] && ($_POST['mss'] < 576))
- $input_errors[] = gettext("The MSS must be greater than 576 bytes.");
+ if ($_POST['mss'] <> '')
+ if (!is_numericint($_POST['mss']) || ($_POST['mss'] < 576 || $_POST['mss'] > 65535))
+ $input_errors[] = gettext("The MSS must be an integer between 576 and 65535 bytes.");
 /* Wireless interface? */
 if (isset($wancfg['wireless'])) {
 $reqdfields = array("mode");
--
cgit v1.1
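Review bot: The added `is_numericint()` check in the first hunk sits inside `if ($_POST['mtu'])`, a truthiness test, so a posted value of `0` (falsy in PHP) skips the whole block and is never reported as invalid. The MSS hunk of this same commit switches its guard to `<> ''`, and the MTU guard should match: `if ($_POST['mtu'] <> '') {`. Whether an unvalidated `0` is then written to the configuration depends on code outside this hunk. The new message is also the only one here not wrapped in `gettext()`; `$input_errors[] = gettext("MTU must be an integer.");` keeps it translatable like its neighbours. The MTU block continues past the end of the hunk.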
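Review bot: The new MSS validation in the third hunk nests one unbraced `if` inside another, which reads ambiguously and would mis-bind an `else` added later. A single braced condition says the same thing: `if ($_POST['mss'] <> '' && (!is_numericint($_POST['mss']) || $_POST['mss'] < 576 || $_POST['mss'] > 65535)) {`. The bounds 576 and 65535 appear both in the test and in the message text; naming them, as the MTU block does with `$min_mtu` and `$max_mtu`, and passing them through `sprintf()` would keep the two in step. A short comment such as `/* 65535 is the largest max-mss value pf will accept */` (wording taken from the commit subject, to be confirmed) would explain the limit to the next reader. The enclosing block starts and ends outside the hunk.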