Re: [PATCH] ovpnmain.cgi: Fix for bug #12883 - separate .p12 file corrupted

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3045 bytes --]

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 22 Jun 2022, at 21:22, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> - Patch https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2feacd989823aa1dbd5844c315a9abfd49060487
>   from May 2021 put the variable containing the .p12 content into double quotes which
>   causes the contents to be treated as text whereas the .p12 file is an application file.
> - Most people must be downloading the zip package of .p12, ovpn.conf and ta.key files so
>   the problem was not noticed till now and flagged up in the forum.
>   https://community.ipfire.org/t/openvpn-p12-password-on-android-problem/8127
> - The problem does not occur for the .p12 file in the zip file as the downloading of the
>   zip file does not have the variable name in double quotes.
> - Putting the zip file variable into double quotes caused the downloaded zip file to be
>   corrupt and not able to be opened as an archive.
> - Removing the double quotes from the .p12 variable name caused the separate .p12 file
>   download to be able to be correctly opened.
> - The same quoted variable name is used also for the cacert.pem, cert.pem, servercert.pem
>   and ta.key file downloads. To be consistent the same change has been applied to these.
> 
> Fixes: Bug #2883
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> html/cgi-bin/ovpnmain.cgi | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> index b8c3e5064..736d17541 100644
> --- a/html/cgi-bin/ovpnmain.cgi
> +++ b/html/cgi-bin/ovpnmain.cgi
> @@ -1564,7 +1564,7 @@ END
> 	print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
> 
> 	my @tmp =  &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     } else {
> @@ -1679,7 +1679,7 @@ END
> 	print "Content-Disposition: filename=cacert.pem\r\n\r\n";
> 
> 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -1693,7 +1693,7 @@ END
> 	print "Content-Disposition: filename=servercert.pem\r\n\r\n";
> 
> 	my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -1710,7 +1710,7 @@ END
> 	my @tmp = <FILE>;
> 	close(FILE);
> 
> -	print "@tmp";
> +	print @tmp;
> 
> 	exit(0);
>     }
> @@ -2615,7 +2615,7 @@ else
>     my @tmp = <FILE>;
>     close(FILE);
> 
> -    print "@tmp";
> +    print @tmp;
>     exit (0);
> 
> ###
> @@ -3234,7 +3234,7 @@ END
> 	my @tmp = <FILE>;
> 	close(FILE);
> 
> -	print "@tmp";
> +	print @tmp;
> 	exit (0);
>     }
> 
> -- 
> 2.36.1
>