From mboxrd@z Thu Jan  1 00:00:00 1970
From: Bernhard Held <berny156@gmx.de>
To: development@lists.ipfire.org
Subject:
 [PATCH v3 4/4] proxy.cgi: fix subnet comparison for proxy.pac generation
Date: Wed, 14 Feb 2018 20:35:22 +0100
Message-ID: <20180214193522.26880-5-berny156@gmx.de>
In-Reply-To: <20180214193522.26880-1-berny156@gmx.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0186493777008824565=="
List-Id: <development.lists.ipfire.org>

--===============0186493777008824565==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The logic of subnet comparison is broken. E.g. if the blue netmask is
255.255.255.0, it's impossible to add a VPN subnet with the same netmask.
The fix simplifies the logic by using Network::network_equal.
---
 html/cgi-bin/proxy.cgi | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index d565ffbdc..d641c3df9 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3066,9 +3066,10 @@ END
 			foreach (@templist)
 			{
 				@temp =3D split(/\//);
-				if (
-					($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne $netsett=
ings{'GREEN_NETMASK'}) &&
-					($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne $netsetti=
ngs{'BLUE_NETMASK'})
+				unless (
+					# GREEN or BLUE networks are already added to "DIRECT". Check if given =
network is different from these.
+					&Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'GREEN_NETAD=
DRESS'}/$netsettings{'GREEN_NETMASK'}") ||
+					&Network::network_equal("$temp[0]/$temp[1]", "$netsettings{'BLUE_NETADD=
RESS'}/$netsettings{'BLUE_NETMASK'}")
 					)
 				{
 					print FILE " ||\n     (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\=
"))";
--=20
2.16.1


--===============0186493777008824565==--