From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] vpnmain.cgi: Fix for 2nd part of bug10595
Date: Wed, 11 Dec 2024 12:51:43 +0100
Message-ID: <20241211115144.2837-1-adolf.belka@ipfire.org>
- Bug10595 had two parts in it and was closed after the first part was fixed. The second
part was still unfixed at that time. I came across it when checking out an open bug on
a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required
to have quotation marks put around the parameter that had the CA Name with spaces in it
otherwise the openssl statement only got a filename with the first portion of the ca
name until the first space was encountered.
- Tested this change out on my vm and it worked fine. I was able to upload a ca
certificate into IPSec and use spaces in the CA Name.
Fixes: Bug10595 part 2
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
html/cgi-bin/vpnmain.cgi | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
mode change 100755 => 100644 html/cgi-bin/vpnmain.cgi
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100755
new mode 100644
index 3541aaa29..694eeed76
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
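Review bot: the file header changes the mode of html/cgi-bin/vpnmain.cgi from 100755 to 100644, which the commit message does not mention and which drops the executable bit from a CGI script. If this was not intended, restore the mode (chmod 755) and resend so the patch carries only the four changed lines.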
@@ -245,7 +245,7 @@ sub callssl ($) {
###
sub getCNfromcert ($) {
#&General::log("ipsec", "Extracting name from $_[0]...");
- my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`;
$temp =~ /Subject:.*CN\s*=\s*(.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
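Review bot: in getCNfromcert, putting '$_[0]' in single quotes inside the backticks still sends the path through a shell, so the quoting only holds as long as the path itself contains no single quote. The CA_NAME check later in this patch excludes quotes, but this sub has no way to know that every caller passes a path built from a checked name. Suggest bypassing the shell with a list-form pipe, for example open(my $fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $_[0]), and reading the output from $fh, which handles spaces without any quoting.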
@@ -259,7 +259,7 @@ sub getCNfromcert ($) {
###
sub getsubjectfromcert ($) {
#&General::log("ipsec", "Extracting subject from $_[0]...");
- my $temp = `/usr/bin/openssl x509 -text -in $_[0]`;
+ my $temp = `/usr/bin/openssl x509 -text -in '$_[0]'`;
$temp =~ /Subject: (.*)[\n]/;
$temp = $1;
$temp =~ s+/Email+, E+;
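Review bot: in getsubjectfromcert the result of the match on /Subject: (.*)[\n]/ is not checked before $temp = $1; runs. When openssl cannot open the quoted path its output is empty, the match fails, and $1 is either undefined or left over from an earlier successful match, so the sub can hand back a subject that does not belong to this certificate. Suggest assigning from $1 only when the match succeeds and checking $? after the openssl call, so a path problem surfaces as an error instead of a stale value.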
@@ -644,8 +644,8 @@ END
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
&General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
- if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
- $errormessage = $Lang::tr{'name must only contain characters'};
+ if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9 ]*$/) {
+ $errormessage = $Lang::tr{'ca name must only contain characters or spaces'};
goto UPLOADCA_ERROR;
}
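Review bot: the new CA_NAME pattern changes the quantifier from + to * as well as adding the space, so an empty name and a name made up only of spaces now pass the check, which goes beyond the "also allow spaces" described in the commit message. If that is not intended, keep the + and require an alphanumeric first character, for example /^[a-zA-Z0-9][a-zA-Z0-9 ]*$/, so the name used to build the certificate filename is never empty and never starts with a space.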
--
2.47.1