From 0ffa8830744fd7899d90fc9b7fb1f3d0704e780f Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Thu, 28 Mar 2019 09:20:01 +0100 Subject: [PATCH] ipsec: safer mobile banner write --- src/etc/inc/plugins.inc.d/ipsec.inc | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc index 53d62c06c..f35747348 100644 --- a/src/etc/inc/plugins.inc.d/ipsec.inc +++ b/src/etc/inc/plugins.inc.d/ipsec.inc @@ -939,8 +939,11 @@ function ipsec_configure_do($verbose = false, $interface = '') $strongswanTree['charon']['plugins']['attr']['# Search domain and default domain'] = ''; $strongswanTree['charon']['plugins']['attr']['28674'] = $a_client['dns_domain']; } - # 28675 --> UNITY_SPLITDNS_NAME - # 25 --> INTERNAL_DNS_DOMAIN + + /* + * 28675 --> UNITY_SPLITDNS_NAME + * 25 --> INTERNAL_DNS_DOMAIN + */ foreach (array("28675", "25") as $attr) { if (!empty($a_client['dns_split'])) { $strongswanTree['charon']['plugins']['attr'][$attr] = $a_client['dns_split']; @@ -948,12 +951,14 @@ function ipsec_configure_do($verbose = false, $interface = '') $strongswanTree['charon']['plugins']['attr'][$attr] = $a_client['dns_domain']; } } + if (!empty($a_client['dns_split'])) { $strongswanTree['charon']['plugins']['attr']['28675'] = $a_client['dns_split']; } if (!empty($a_client['login_banner'])) { - $strongswanTree['charon']['plugins']['attr']['28672'] = sprintf("\"%s\"", $a_client['login_banner']); + /* defang login banner, it may be multiple lines and we should not let it escape */ + $strongswanTree['charon']['plugins']['attr']['28672'] = '"' . str_replace(['\\', '"'], '', $a_client['login_banner']) . '"'; } if (isset($a_client['save_passwd'])) {