From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] ovpnmain.cgi: Fixes bug#13404 - prevents certs being
 saved if common name is already used
Date: Mon, 26 Feb 2024 16:05:00 +0100
Message-ID: <20240226150501.16508-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0867474605276425504=="
List-Id: <development.lists.ipfire.org>

--===============0867474605276425504==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- This was fixed by moving the code for checking if the common name is already used, to
   the same location as the code for checking if the connection name is already used.
- Tested out on vm testbed and confirmed that the certificates are not created and the
   index.txt not updated if the common name is flagged as already being used. If the
   entry is changed to use a new CN and Save pressed then the certs are saved and the
   index.txt updated. If Cancel is pressed then no certs are saved and index.txt is not
   updated.

Fixes: Bug#13404
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index eb89c5095..98900b277 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -4216,15 +4216,25 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		}
 	    }
=20
-		# Check for RW if client name is already set
-		if ($cgiparams{'TYPE'} eq 'host') {
-			foreach my $key (keys %confighash) {
-				if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
-					$errormessage =3D $Lang::tr{'a connection with this name already exists=
'};
-					goto VPNCONF_ERROR;
-				}
-			}
-		}
+	    # Check for RW if client name is already set
+	    if ($cgiparams{'TYPE'} eq 'host') {
+		    foreach my $key (keys %confighash) {
+			    if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
+				    $errormessage =3D $Lang::tr{'a connection with this name already exi=
sts'};
+				    goto VPNCONF_ERROR;
+		    }
+		    }
+	    }
+
+	    # Check if there is no other entry with this common name
+	    if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
+	        foreach my $key (keys %confighash) {
+		    if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
+		        $errormessage =3D $Lang::tr{'a connection with this common name al=
ready exists'};
+		        goto VPNCONF_ERROR;
+		    }
+	        }
+	    }
=20
 	    # Replace empty strings with a .
 	    (my $ou =3D $cgiparams{'CERT_OU'}) =3D~ s/^\s*$/\./;
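Review bot: The common-name uniqueness test now appears to run only on the path that generates a certificate, since it sits directly above the `# Replace empty strings with a .` step; its `$cgiparams{'AUTH'} ne 'psk'` guard suggests that from its old position just before `# Save the config` it covered every non-PSK mode. If the enclosing branch (which begins outside this hunk) is the certificate-generation branch, connections created from an uploaded request or certificate would no longer be rejected for a duplicate CN, and two connections sharing one CN are hard to tell apart in logs and in any per-client settings keyed on the CN. Consider running the same comparison in those branches as soon as `CERT_NAME` is known and before anything is written, or keeping a copy at the old position for them. A short comment such as `# must run before any cert or index.txt write` above the moved block would record why it lives here. The closing brace of the inner `if` in the re-indented name check is also one level short of its opening line.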
@@ -4309,16 +4319,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    goto VPNCONF_ERROR;
 	}
=20
-	# Check if there is no other entry with this common name
-	if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
-	    foreach my $key (keys %confighash) {
-		if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
-		    $errormessage =3D $Lang::tr{'a connection with this common name alread=
y exists'};
-		    goto VPNCONF_ERROR;
-		}
-	    }
-	}
-
     # Save the config
 	my $key =3D $cgiparams{'KEY'};
=20
--=20
2.44.0


--===============0867474605276425504==--