From mboxrd@z Thu Jan 1 00:00:00 1970
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH 1/3] vpnmain.cgi: Fix for bug13029 - add base64 encoding to IPSec cgi page
Date: Fri, 05 Jul 2024 19:18:54 +0200
Message-ID: <20240705171856.3471127-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5741436567436231755=="
List-Id:

--===============5741436567436231755==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- This adds the base64 encoded PSK into the config file and when the ipsec.secrets file
  is created the PSK is base64 decoded to write it to the file. The ipsec.secrets file
  surrounds the PSK with single quotation marks so that character is not allowed to be
  used in the PSK but anything else can be.
- Tested out on my vm system and shown to be working. New PSK with various characters
  including commas was base64 encoded before putting into the config file and therefore
  was accepted by the code. If a single quotation mark was used in the PSK then the
  error message about invalid characters was shown.

Fixes: Bug13029
Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 html/cgi-bin/vpnmain.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 mode change 100644 =3D> 100755 html/cgi-bin/vpnmain.cgi

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100644 new mode 100755 index 25e0f0a53..bde5e11bc --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi 
@@ -481,7 +481,8 @@ sub writeipsecfiles { if ($lconfighash{$key}[4] eq 'psk') { $psk_line =3D ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside= ) . " " ; $psk_line .=3D $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfigha= sh{$key}[10]; #remoteid or remote address? - $psk_line .=3D " : PSK '$lconfighash{$key}[5]'\n"; + my $decoded_psk =3D MIME::Base64::decode_base64($lconfighash{$key}[5]); + $psk_line .=3D " : PSK '$decoded_psk'\n"; # if the line contains %any, it is less specific than two IP or ID, so mo= ve it at end of file. if ($psk_line =3D~ /%any/) { $last_secrets .=3D $psk_line; @@ -2260,7 +2261,7 @@ END $confighash{$key}[3] =3D $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] =3D 'psk'; - $confighash{$key}[5] =3D $cgiparams{'PSK'}; + $confighash{$key}[5] =3D MIME::Base64::encode_base64($cgiparams{'PSK'}, ""= ); } else { $confighash{$key}[4] =3D 'cert'; } --=20 2.45.2 --===============5741436567436231755==--
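Review bot: in writeipsecfiles (hunk at -481), decode_base64 is applied to every $lconfighash{$key}[5] whose auth type is psk, but connections saved before this change hold the PSK in plain text at that index and nothing in this patch converts them. MIME::Base64::decode_base64 silently skips characters outside the base64 alphabet, so a legacy entry would be written to ipsec.secrets as a different secret with no error. Suggest a one-time conversion of existing entries on update, or a marker that distinguishes encoded from legacy values, and say in the commit message where that happens if it is in 2/3 or 3/3. Also, $decoded_psk is placed inside PSK '...' with no check at this point for a single quote or a newline; the commit message relies on the input form rejecting the quote, so a check here before building $psk_line would keep a hand-edited or restored config from producing a malformed secrets file.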
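Review bot: at the save path (hunk at -2260), index 5 now holds base64, but the diffstat shows only these two places changed, so any other reader of $confighash{$key}[5] in vpnmain.cgi, for example code that fills the PSK field when an existing connection is edited, would see the encoded string, and saving again would encode it a second time. Please confirm that every read of index 5 decodes, or route the reads and writes through one pair of helpers. The calls use the fully qualified MIME::Base64:: name and no use MIME::Base64; line is added in this patch, so confirm the module is already loaded in this file. The mode change from 100644 to 100755 is not mentioned in the commit message; drop it if it was unintentional.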