openvpn: improve validation #2422

Since we now have TCP, UDP, TCP4, UDP4, TCP6 and UDP6 validation is a bit more complicated than it used to. The former assumptions about TCP and UDP were wrong anyway, in OpenVPN this means IPv4 and IPv6, not just IPv4.
2026-03-16 01:24:38 +00:00 · 2018-05-27 12:54:40 +02:00 · 2018-05-27 12:54:40 +02:00 · d210cbfb20
commit d210cbfb20
parent 7d14f2d8ee
1 changed files with 37 additions and 9 deletions
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@ -197,13 +197,15 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
 {
    global $config;

+    $af = null;
+
    if (strlen($prot) > 3) {
-        /* ignore "4" or "6" if given */
        $prot = substr($prot, 0, 3);
+        $af = substr($prot, 3, 1);
    }

    if (isset($config['openvpn']['openvpn-server'])) {
-        foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+        foreach ($config['openvpn']['openvpn-server'] as $settings) {
            if (isset($settings['disable'])) {
                continue;
            }
@ -212,15 +214,28 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
                continue;
            }

-            if ($port == $settings['local_port'] && strpos($settings['protocol'], $prot) === 0 &&
-              ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
-                return $settings['vpnid'];
+            if ($port != $settings['local_port']) {
+                continue;
            }
+
+            if (strpos($settings['protocol'], $prot) === false) {
+                continue;
+            }
+
+            if (!empty($af) && strlen($settings['protocol']) > 3 && strpos($settings['protocol'], $af) === false) {
+                continue;
+            }
+
+            if ($interface != $settings['interface'] && $interface != 'any' && $settings['interface'] != 'any') {
+                continue;
+            }
+
+            return $settings['vpnid'];
        }
    }

    if (isset($config['openvpn']['openvpn-client'])) {
-        foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+        foreach ($config['openvpn']['openvpn-client'] as $settings) {
            if (isset($settings['disable'])) {
                continue;
            }
@ -229,10 +244,23 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
                continue;
            }

-            if ($port == $settings['local_port'] && strpos($settings['protocol'], $prot) === 0 &&
-              ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
-                return $settings['vpnid'];
+            if ($port != $settings['local_port']) {
+                continue;
            }
+
+            if (strpos($settings['protocol'], $prot) === false) {
+                continue;
+            }
+
+            if (!empty($af) && strlen($settings['protocol']) > 3 && strpos($settings['protocol'], $af) === false) {
+                continue;
+            }
+
+            if ($interface != $settings['interface'] && $interface != 'any' && $settings['interface'] != 'any') {
+                continue;
+            }
+
+            return $settings['vpnid'];
        }
    }