* [PATCH] zoneconf.cgi: Fix VLAN tag range check
@ 2021-03-21 21:23 Leo-Andres Hofmann
2021-03-22 11:26 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Leo-Andres Hofmann @ 2021-03-21 21:23 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5826 bytes --]
Use the correct VLAN tag range 1-4094 and add an error message
to the range check.
The missing error message was discovered by Jonatan.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
---
doc/language_missings | 7 +++++++
html/cgi-bin/zoneconf.cgi | 11 +++++------
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
4 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/doc/language_missings b/doc/language_missings
index 3cd277726..4b5a90c67 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -912,6 +912,7 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
############################################################################
# Checking cgi-bin translations for language: fr #
@@ -933,6 +934,7 @@
< zoneconf stp priority
< zoneconf val stp priority range error
< zoneconf val stp zone mode error
+< zoneconf val vlan tag range error
############################################################################
# Checking cgi-bin translations for language: it #
############################################################################
@@ -1322,6 +1324,7 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
############################################################################
# Checking cgi-bin translations for language: nl #
@@ -1766,6 +1769,7 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
############################################################################
# Checking cgi-bin translations for language: pl #
@@ -2652,6 +2656,7 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
############################################################################
# Checking cgi-bin translations for language: ru #
@@ -3545,6 +3550,7 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
############################################################################
# Checking cgi-bin translations for language: tr #
@@ -3741,4 +3747,5 @@
< zoneconf val stp zone mode error
< zoneconf val vlan amount assignment error
< zoneconf val vlan tag assignment error
+< zoneconf val vlan tag range error
< zoneconf val zoneslave amount error
diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi
index b90ea8a41..c0d44764f 100644
--- a/html/cgi-bin/zoneconf.cgi
+++ b/html/cgi-bin/zoneconf.cgi
@@ -279,11 +279,10 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
}
$VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
-
- if (! looks_like_number($vlan_tag)) {
- last;
- }
- if ($vlan_tag < 1 || $vlan_tag > 4095) {
+
+ # check VLAN tag range: 1..4094 (0, 4095 are reserved)
+ unless (looks_like_number($vlan_tag) && ($vlan_tag >= 1) && ($vlan_tag <= 4094)) {
+ $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag range error"};
last;
}
@@ -486,7 +485,7 @@ END
<option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
<option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
</select>
- <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" required $field_disabled>
+ <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4094" value="$zone_vlan_id" required $field_disabled>
</td>
END
;
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6a8133807..191c778d2 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2988,6 +2988,7 @@
'zoneconf val stp zone mode error' => 'STP kann nur aktiviert werden, wenn sich die Zone im Brückenmodus befindet',
'zoneconf val vlan amount assignment error' => 'Pro Zone kann nur ein VLAN verwendet werden.',
'zoneconf val vlan tag assignment error' => 'Pro Netzwerkkarte kann derselbe VLAN-Tag nur einmal verwendet werden.',
+'zoneconf val vlan tag range error' => 'VLAN-Tag muss im Bereich 1-4094 liegen.',
'zoneconf val zoneslave amount error' => 'Wenn eine Zone nicht im Brückenmodus ist, kann ihr nur eine Netzwerkkarte zugewiesen werden.',
);
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 8f7e0c2cf..1d059aac8 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -3037,6 +3037,7 @@
'zoneconf val stp zone mode error' => 'STP can only be enabled if the zone is in bridge mode',
'zoneconf val vlan amount assignment error' => 'A zone cannot have more than one VLAN assigned.',
'zoneconf val vlan tag assignment error' => 'You cannot use the same VLAN tag more than once per NIC.',
+'zoneconf val vlan tag range error' => 'VLAN tag must be in the range of 1-4094.',
'zoneconf val zoneslave amount error' => 'A zone that is not in bridge mode can\'t have more than one NIC assigned',
);
--
2.27.0.windows.1
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH] zoneconf.cgi: Fix VLAN tag range check
2021-03-21 21:23 [PATCH] zoneconf.cgi: Fix VLAN tag range check Leo-Andres Hofmann
@ 2021-03-22 11:26 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2021-03-22 11:26 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6112 bytes --]
Thank you :)
> On 21 Mar 2021, at 21:23, Leo-Andres Hofmann <hofmann(a)leo-andres.de> wrote:
>
> Use the correct VLAN tag range 1-4094 and add an error message
> to the range check.
> The missing error message was discovered by Jonatan.
>
> Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
> ---
> doc/language_missings | 7 +++++++
> html/cgi-bin/zoneconf.cgi | 11 +++++------
> langs/de/cgi-bin/de.pl | 1 +
> langs/en/cgi-bin/en.pl | 1 +
> 4 files changed, 14 insertions(+), 6 deletions(-)
>
> diff --git a/doc/language_missings b/doc/language_missings
> index 3cd277726..4b5a90c67 100644
> --- a/doc/language_missings
> +++ b/doc/language_missings
> @@ -912,6 +912,7 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> ############################################################################
> # Checking cgi-bin translations for language: fr #
> @@ -933,6 +934,7 @@
> < zoneconf stp priority
> < zoneconf val stp priority range error
> < zoneconf val stp zone mode error
> +< zoneconf val vlan tag range error
> ############################################################################
> # Checking cgi-bin translations for language: it #
> ############################################################################
> @@ -1322,6 +1324,7 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> ############################################################################
> # Checking cgi-bin translations for language: nl #
> @@ -1766,6 +1769,7 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> ############################################################################
> # Checking cgi-bin translations for language: pl #
> @@ -2652,6 +2656,7 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> ############################################################################
> # Checking cgi-bin translations for language: ru #
> @@ -3545,6 +3550,7 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> ############################################################################
> # Checking cgi-bin translations for language: tr #
> @@ -3741,4 +3747,5 @@
> < zoneconf val stp zone mode error
> < zoneconf val vlan amount assignment error
> < zoneconf val vlan tag assignment error
> +< zoneconf val vlan tag range error
> < zoneconf val zoneslave amount error
> diff --git a/html/cgi-bin/zoneconf.cgi b/html/cgi-bin/zoneconf.cgi
> index b90ea8a41..c0d44764f 100644
> --- a/html/cgi-bin/zoneconf.cgi
> +++ b/html/cgi-bin/zoneconf.cgi
> @@ -279,11 +279,10 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{"save"}) {
> }
>
> $VALIDATE_nic_check{"VLAN $mac $vlan_tag"} = 1;
> -
> - if (! looks_like_number($vlan_tag)) {
> - last;
> - }
> - if ($vlan_tag < 1 || $vlan_tag > 4095) {
> +
> + # check VLAN tag range: 1..4094 (0, 4095 are reserved)
> + unless (looks_like_number($vlan_tag) && ($vlan_tag >= 1) && ($vlan_tag <= 4094)) {
> + $VALIDATE_error = $Lang::tr{"zoneconf val vlan tag range error"};
> last;
> }
>
> @@ -486,7 +485,7 @@ END
> <option value="NATIVE" $access_selected{"NATIVE"}>$Lang::tr{"zoneconf access native"}</option>
> <option value="VLAN" $access_selected{"VLAN"} $vlan_disabled>$Lang::tr{"zoneconf access vlan"}</option>
> </select>
> - <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4095" value="$zone_vlan_id" required $field_disabled>
> + <input type="number" class="vlanid" id="TAG-$uc-$mac" name="TAG $uc $mac" min="1" max="4094" value="$zone_vlan_id" required $field_disabled>
> </td>
> END
> ;
> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
> index 6a8133807..191c778d2 100644
> --- a/langs/de/cgi-bin/de.pl
> +++ b/langs/de/cgi-bin/de.pl
> @@ -2988,6 +2988,7 @@
> 'zoneconf val stp zone mode error' => 'STP kann nur aktiviert werden, wenn sich die Zone im Brückenmodus befindet',
> 'zoneconf val vlan amount assignment error' => 'Pro Zone kann nur ein VLAN verwendet werden.',
> 'zoneconf val vlan tag assignment error' => 'Pro Netzwerkkarte kann derselbe VLAN-Tag nur einmal verwendet werden.',
> +'zoneconf val vlan tag range error' => 'VLAN-Tag muss im Bereich 1-4094 liegen.',
> 'zoneconf val zoneslave amount error' => 'Wenn eine Zone nicht im Brückenmodus ist, kann ihr nur eine Netzwerkkarte zugewiesen werden.',
> );
>
> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
> index 8f7e0c2cf..1d059aac8 100644
> --- a/langs/en/cgi-bin/en.pl
> +++ b/langs/en/cgi-bin/en.pl
> @@ -3037,6 +3037,7 @@
> 'zoneconf val stp zone mode error' => 'STP can only be enabled if the zone is in bridge mode',
> 'zoneconf val vlan amount assignment error' => 'A zone cannot have more than one VLAN assigned.',
> 'zoneconf val vlan tag assignment error' => 'You cannot use the same VLAN tag more than once per NIC.',
> +'zoneconf val vlan tag range error' => 'VLAN tag must be in the range of 1-4094.',
> 'zoneconf val zoneslave amount error' => 'A zone that is not in bridge mode can\'t have more than one NIC assigned',
> );
>
> --
> 2.27.0.windows.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-22 11:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-21 21:23 [PATCH] zoneconf.cgi: Fix VLAN tag range check Leo-Andres Hofmann
2021-03-22 11:26 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox