From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] ovpnmain.cgi: Validate CCDNet name when renaming it. Date: Thu, 30 Jan 2020 12:55:25 +0000 Message-ID: <9E24A6A5-BB35-4984-A25E-CF95FBF083BB@ipfire.org> In-Reply-To: <36112b13c62f8e7eea3cda466ed8520dcac14d6a.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5942933122911692915==" List-Id: --===============5942933122911692915== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Okay. Can you ask the reporter to check your changes and confirm here on the = list? > On 30 Jan 2020, at 12:48, Stefan Schantl wrot= e: >=20 > Hello Michael, >=20 > thanks for reviewing the patch. >=20 > There is no need that the pool name is a FQDN, I mainly inserted the > same check when editing as when adding a new pool. >=20 > Best regards, >=20 > -Stefan >> Hi, >>=20 >>> On 28 Jan 2020, at 10:51, Stefan Schantl >>> wrote: >>>=20 >>> Fixes #12282 >>>=20 >>> Signed-off-by: Stefan Schantl >>> --- >>> html/cgi-bin/ovpnmain.cgi | 7 +++++++ >>> 1 file changed, 7 insertions(+) >>>=20 >>> diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi >>> index e76a688fe..22a2b9905 100644 >>> --- a/html/cgi-bin/ovpnmain.cgi >>> +++ b/html/cgi-bin/ovpnmain.cgi >>> @@ -490,6 +490,13 @@ sub modccdnet >>> my $oldname=3D$_[1]; >>> my %ccdconfhash=3D(); >>> my %ccdhash=3D(); >>> + >>> + # Check if the new name is valid. >>> + if(!&General::validhostname($newname)) { >>> + $errormessage=3D$Lang::tr{'ccd err invalidname'}; >>> + return; >>> + } >>> + >>=20 >> Why does the name of the pool need to be a FQDN? >>=20 >>> &General::readhasharray("${General::swroot}/ovpn/ccd.conf", >>> \%ccdconfhash); >>> foreach my $key (keys %ccdconfhash) { >>> if ($ccdconfhash{$key}[0] eq $oldname) { >>> --=20 >>> 2.25.0 >>>=20 >=20 --===============5942933122911692915==--