Commit c3e74008 authored by Franco Fichtner's avatar Franco Fichtner

openvpn: validate IPv4 CIDR more strictly to prevent OpenVPN startup error; closes #1389

parent 4462372b
......@@ -284,13 +284,19 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv
}
}
function openvpn_validate_cidr_ipv4($value) {
function openvpn_validate_cidr_ipv4($value)
{
$value = trim($value);
if (!empty($value)) {
list($ip, $mask) = explode('/', $value);
if (!is_ipaddrv4($ip) or !is_numeric($mask) or ($mask > 32) or ($mask < 0)) {
return false;
}
/* IPv4 case is very strict, cannot be a host address */
$mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
if ((ip2long($ip) & $mask) != ip2long($ip)) {
return false;
}
}
return true;
}
......@@ -301,7 +307,7 @@ function openvpn_validate_cidr_ipv6($value)
if (!empty($value)) {
list($ipv6, $prefix) = explode('/', $value);
if (empty($prefix)) {
$prefix = "128";
$prefix = '128';
}
if (!is_ipaddrv6($ipv6) or !is_numeric($prefix) or ($prefix > 128) or ($prefix < 0)) {
return false;
......@@ -310,7 +316,7 @@ function openvpn_validate_cidr_ipv6($value)
return true;
}
function openvpn_add_dhcpopts(& $settings, & $conf)
function openvpn_add_dhcpopts(&$settings, &$conf)
{
if (!empty($settings['dns_domain'])) {
$conf .= "push \"dhcp-option DOMAIN {$settings['dns_domain']}\"\n";
......
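Review bot: The mask test in openvpn_validate_cidr_ipv4() still relies on `is_numeric($mask)`, which accepts non-integer strings (for example `24.0` or `1e1`), so such a prefix passes the range check and reaches the new shift `(0xffffffff << (32 - $mask))`. Requiring digits only, with `!ctype_digit((string)$mask)` in place of `!is_numeric($mask)`, would reject those before the network-address comparison. In the same function `explode('/', $value)` drops anything after a second slash, so a value like `10.0.0.0/24/x` validates; `explode('/', $value, 2)` leaves the remainder in `$mask`, where the digit check fails it. openvpn_validate_cidr_ipv6() shows the same `is_numeric($prefix)` pattern in the next hunk. How the accepted string is written into the OpenVPN configuration is not visible here, so the impact is presumably the same startup failure this commit targets.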