From d210cbfb203b279b97267542d59b8ca7cf7ed0e2 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sun, 27 May 2018 12:54:40 +0200
Subject: [PATCH] openvpn: improve validation #2422
Since we now have TCP, UDP, TCP4, UDP4, TCP6 and UDP6 validation is a bit more complicated than it used to. The former assumptions about TCP and UDP were wrong anyway, in OpenVPN this means IPv4 and IPv6, not just IPv4.
---
 src/etc/inc/plugins.inc.d/openvpn.inc | 46 +++++++++++++++++++++------
 1 file changed, 37 insertions(+), 9 deletions(-)
diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc
index 1b9d1f2c4..388f98d7a 100644
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@@ -197,13 +197,15 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
 {
 global $config;
+ $af = null;
+
 if (strlen($prot) > 3) {
- /* ignore "4" or "6" if given */
 $prot = substr($prot, 0, 3);
+ $af = substr($prot, 3, 1);
 }
 if (isset($config['openvpn']['openvpn-server'])) {
- foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+ foreach ($config['openvpn']['openvpn-server'] as $settings) {
 if (isset($settings['disable'])) {
 continue;
 }
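Review bot: `$af` always ends up empty in the `strlen($prot) > 3` block, because `$prot` has already been cut to three characters by the time `substr($prot, 3, 1)` reads from it. The address-family guards added in the server and client loops (`!empty($af) && …`) therefore never skip an entry, so a TCP4 instance is still reported as colliding with a TCP6 instance on the same port and interface. Take the suffix before truncating: `$af = substr($prot, 3, 1);` followed by `$prot = substr($prot, 0, 3);`. The function body continues past the end of this hunk.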
@@ -212,15 +214,28 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
 continue;
 }
- if ($port == $settings['local_port'] && strpos($settings['protocol'], $prot) === 0 &&
- ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
- return $settings['vpnid'];
+ if ($port != $settings['local_port']) {
+ continue;
 }
+
+ if (strpos($settings['protocol'], $prot) === false) {
+ continue;
+ }
+
+ if (!empty($af) && strlen($settings['protocol']) > 3 && strpos($settings['protocol'], $af) === false) {
+ continue;
+ }
+
+ if ($interface != $settings['interface'] && $interface != 'any' && $settings['interface'] != 'any') {
+ continue;
+ }
+
+ return $settings['vpnid'];
 }
 }
 if (isset($config['openvpn']['openvpn-client'])) {
- foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+ foreach ($config['openvpn']['openvpn-client'] as $settings) {
 if (isset($settings['disable'])) {
 continue;
 }
@@ -229,10 +244,23 @@ function openvpn_port_used($prot, $interface, $port, $curvpnid = 0)
 continue;
 }
- if ($port == $settings['local_port'] && strpos($settings['protocol'], $prot) === 0 &&
- ($interface == $settings['interface'] || $interface == "any" || $settings['interface'] == "any")) {
- return $settings['vpnid'];
+ if ($port != $settings['local_port']) {
+ continue;
 }
+
+ if (strpos($settings['protocol'], $prot) === false) {
+ continue;
+ }
+
+ if (!empty($af) && strlen($settings['protocol']) > 3 && strpos($settings['protocol'], $af) === false) {
+ continue;
+ }
+
+ if ($interface != $settings['interface'] && $interface != 'any' && $settings['interface'] != 'any') {
+ continue;
+ }
+
+ return $settings['vpnid'];
 }
 }
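Review bot: The address-family guard in the server loop (`!empty($af) && strlen($settings['protocol']) > 3 && …`) has no comment explaining the rule it encodes. The commit message says a bare TCP or UDP entry means both IPv4 and IPv6, which is why only entries with a suffix can be skipped, but the code does not say so and the old `/* ignore "4" or "6" if given */` comment was dropped without a replacement. A comment above the guard would cover it, for example `/* "TCP"/"UDP" without a suffix covers both families, so only an entry naming a different family is skipped */`. The server loop opens before this hunk, and the client loop started here runs on into the next one.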
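Review bot: The four guards in the client loop are a line-for-line copy of the ones added to the server loop in the previous hunk, so any later correction to the matching rules has to be made in two places. Moving them into one new helper that both loops call would keep the server and client checks in step; the sketch below leaves the earlier skip checks in each loop untouched. The client loop opens in the previous hunk and the function continues after this one.

```php
/* proposed helper: true when $settings occupies the requested port, protocol and interface */
function openvpn_port_conflict($settings, $prot, $af, $interface, $port)
{
    if ($port != $settings['local_port'] || strpos($settings['protocol'], $prot) === false) {
        return false;
    }

    /* "TCP"/"UDP" without a suffix covers both families */
    if (!empty($af) && strlen($settings['protocol']) > 3 && strpos($settings['protocol'], $af) === false) {
        return false;
    }

    return $interface == $settings['interface'] || $interface == 'any' || $settings['interface'] == 'any';
}

// … unchanged: the skip checks at the top of each loop …
            if (openvpn_port_conflict($settings, $prot, $af, $interface, $port)) {
                return $settings['vpnid'];
            }
```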