* [PATCH] vpnmain.cgi: Fixes bug13833 - ipsec cert renewal bug
@ 2025-04-27 18:58 Adolf Belka
0 siblings, 0 replies; only message in thread
From: Adolf Belka @ 2025-04-27 18:58 UTC (permalink / raw)
To: development; +Cc: Adolf Belka
- This patch corrects the encoding section which was incorrectly set up to have the
encoding set up when the BASE_64 parameter was set to YES. This meant that the
encoded PSK was then encoded a further time and the ipsec.secrets file PSK entry
was set as the decoded version of that twice encoded PSK. This could then happen again
and again with the PSK being encoded twice or more times.
- This patch only base64 encodes the PSK if the BASE_64 paramter is not set to YES, which
means set to empty.
- This patch set has been tested with PSK's from restored backaups from when the PSK was
not base64 encoded. It has also been tested on non base64 encoded PSK's that have
then had the Save button on the PSK edit screen pressed and also on PSK's that have
already been base64 encoded. In all cases the correct base64 encoding was carried
out and multiple Saves of the PSK Edit screen no longer give further base64 encodings
of the already base64 encoded PSK.
- The problem with the original patch for this issue was that the emcoding was not done
for the correct BASE_64 status.
Fixes: Bug13833
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/vpnmain.cgi | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 1c9f9243b..778ec25c4 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1879,7 +1879,7 @@ END
}
if ($cgiparams{'AUTH'} eq 'psk') {
- $cgiparams{'BASE_64'} = 'YES';
+ $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40];
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
goto VPNCONF_ERROR;
@@ -2248,7 +2248,7 @@ END
my $key = $cgiparams{'KEY'};
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 40) { $confighash{$key}[$i] = "";}
}
$confighash{$key}[0] = $cgiparams{'ENABLED'};
$confighash{$key}[1] = $cgiparams{'NAME'};
@@ -2259,11 +2259,10 @@ END
if ($cgiparams{'AUTH'} eq 'psk') {
$confighash{$key}[4] = 'psk';
if ($cgiparams{'BASE_64'} eq 'YES') {
+ $confighash{$key}[5] = $cgiparams{'PSK'};
+ } else {
$confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, "");
$confighash{$key}[40] = 'YES';
- } else {
- $confighash{$key}[5] = $cgiparams{'PSK'};
- $confighash{$key}[40] = '';
}
} else {
$confighash{$key}[4] = 'cert';
--
2.49.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-04-27 18:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-04-27 18:58 [PATCH] vpnmain.cgi: Fixes bug13833 - ipsec cert renewal bug Adolf Belka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox