OpenVPN: Check if port is smaller than 1024.

Bug #10459.
2026-04-09 18:45:54 +02:00 · 2014-01-11 12:38:53 +01:00
parent 7d44bfeef1
commit 8c252e6aa8
3 changed files with 27 additions and 3 deletions
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -1163,6 +1163,12 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	$errormessage = $Lang::tr{'invalid port'};
 	goto SETTINGS_ERROR;
    }
+	
+	if ($cgiparams{'DDEST_PORT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn port in root range'};
+		goto SETTINGS_ERROR;
+	}
+
    $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
    $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
    $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
@@ -3534,10 +3540,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 		  goto VPNCONF_ERROR;
-		} 
+		}
+	
+	if ($cgiparams{'DEST_PORT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn port in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+		  goto VPNCONF_ERROR;
+		}

-    if ($cgiparams{'OVPN_MGMT'} eq  '') {
-			$cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};		
+	if ($cgiparams{'OVPN_MGMT'} eq  '') {
+		$cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};		
+		}
+	
+	if ($cgiparams{'OVPN_MGMT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn mgmt in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+		  goto VPNCONF_ERROR;
 		}
   
 }
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1606,6 +1606,8 @@
 'ovpn on blue' => 'OpenVPN auf BLAU',
 'ovpn on orange' => 'OpenVPN auf ORANGE',
 'ovpn on red' => 'OpenVPN auf ROT',
+'ovpn mgmt in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
+'ovpn port in root range' => 'Ein Port von 1024 oder höher ist erforderlich.',
 'ovpn routes push' => 'Routen (eine pro Zeile) z.b. 192.168.10.0/255.255.255.0 192.168.20.0/24',
 'ovpn routes push options' => 'Route push Optionen',
 'ovpn server status' => 'OpenVPN-Server-Status',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1636,6 +1636,8 @@
 'ovpn on blue' => 'OpenVPN on BLUE',
 'ovpn on orange' => 'OpenVPN on ORANGE',
 'ovpn on red' => 'OpenVPN on RED',
+'ovpn mgmt in root range' => 'A port number of 1024 or higher is required.',
+'ovpn port in root range' => 'A port number of 1024 or higher is required.',
 'ovpn routes push' => 'Routes (one per line) e.g. 192.168.10.0/255.255.255.0 192.168.20.0/24',
 'ovpn routes push options' => 'Route push options',
 'ovpn server status' => 'Current OpenVPN server status:',