Re: [PATCH] ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted

[Tom Rymes <tom@rymes.net>]

[-- Attachment #1: Type: text/plain, Size: 3224 bytes --]

Adolf: Just noting that the subject of your message says fixes #12883, 
but on line 13 of your below message, it says #2883. I assume that's not 
terribly important, but figured I would point it out.


On 06/22/2022 4:22 PM, Adolf Belka wrote:
> - Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
>     from May 2021 put the variable containing the .p12 content into double quotes which
>     causes the contents to be treated as text whereas the .p12 file is an application file.
> - Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
>     the problem was not noticed till now and flagged up in the forum.
>     https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
> - The problem does not occur for the .p12 file in the zip file as the downloading of the
>     zip file does not have the variable name in double quotes.
> - Putting the zip file variable into double quotes caused the downloaded zip file to be
>     corrupt and not able to be opened as an archive.
> - Removing the double quotes from the .p12 variable name caused the separate .p12 file
>     download to be able to be correctly opened.
> - The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
>     and ta.key file downloads. To be consistent the same change has been applied to these.
> 
> Fixes: Bug #2883
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   html/cgi-bin/ovpnmain.cgi | 12 ++++++------
>   1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index b8c3e5064..736d17541 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -1564,7 +1564,7 @@ END
>   	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
>   
>   	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       } else {
> @@ -1679,7 +1679,7 @@ END
>   	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
>   
>   	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -1693,7 +1693,7 @@ END
>   	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
>   
>   	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -1710,7 +1710,7 @@ END
>   	my @tmp = <FILE>;
>   	close(FILE);
>   
> -	print "@tmp";
> +	print @tmp;
>   
>   	exit(0);
>       }
> @@ -2615,7 +2615,7 @@ else
>       my @tmp = <FILE>;
>       close(FILE);
>   
> -    print "@tmp";
> +    print @tmp;
>       exit (0);
>   
>   ###
> @@ -3234,7 +3234,7 @@ END
>   	my @tmp = <FILE>;
>   	close(FILE);
>   
> -	print "@tmp";
> +	print @tmp;
>   	exit (0);
>       }
>