ipsec: safer mobile banner write

2026-03-14 08:34:39 +00:00 · 2019-03-28 09:20:01 +01:00 · 2019-03-28 09:20:01 +01:00 · 0ffa883074
commit 0ffa883074
parent 39a95d3c39
1 changed files with 8 additions and 3 deletions
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@ -939,8 +939,11 @@ function ipsec_configure_do($verbose = false, $interface = '')
                $strongswanTree['charon']['plugins']['attr']['# Search domain and default domain'] = '';
                $strongswanTree['charon']['plugins']['attr']['28674'] = $a_client['dns_domain'];
            }
-            # 28675 --> UNITY_SPLITDNS_NAME
-            # 25 --> INTERNAL_DNS_DOMAIN
+
+            /*
+             * 28675 --> UNITY_SPLITDNS_NAME
+             * 25 --> INTERNAL_DNS_DOMAIN
+             */
            foreach (array("28675", "25") as $attr) {
                if (!empty($a_client['dns_split'])) {
                    $strongswanTree['charon']['plugins']['attr'][$attr] = $a_client['dns_split'];
@ -948,12 +951,14 @@ function ipsec_configure_do($verbose = false, $interface = '')
                    $strongswanTree['charon']['plugins']['attr'][$attr] = $a_client['dns_domain'];
                }
            }
+
            if (!empty($a_client['dns_split'])) {
                $strongswanTree['charon']['plugins']['attr']['28675'] = $a_client['dns_split'];
            }

            if (!empty($a_client['login_banner'])) {
-                $strongswanTree['charon']['plugins']['attr']['28672'] = sprintf("\"%s\"", $a_client['login_banner']);
+                /* defang login banner, it may be multiple lines and we should not let it escape */
+                $strongswanTree['charon']['plugins']['attr']['28672'] = '"' . str_replace(['\\', '"'], '', $a_client['login_banner']) . '"';
            }

            if (isset($a_client['save_passwd'])) {