authorjim-p <jimp@pfsense.org>2011-03-14 16:47:46 -0400
committerjim-p <jimp@pfsense.org>2011-03-14 16:48:52 -0400
commitfd982ebd4de3e10dc83fbb713ef1c6d7e2a23c82 (patch)
treeed7691ebbc95facf0af247cc3ac9922ee9f3aff6
parent962c3f572905f3266b77b414eeb86880899ea03a (diff)
Escape values so special characters don't fail (and also helps prevent shell command injection)
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc14
-rwxr-xr-xconfig/openvpn-client-export/vpn_openvpn_export.php22
2 files changed, 20 insertions, 16 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 49ed4ca6..c58a6c53 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -79,11 +79,15 @@ function openvpn_client_export_prefix($srvid) {
}
function openvpn_client_pem_to_pk12($outpath, $outpass, $crtpath, $keypath, $capath = false) {
-
- if ($capath)
- exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -certfile {$capath} -out {$outpath} -passout pass:{$outpass}");
- else
- exec("/usr/bin/openssl pkcs12 -export -in {$crtpath} -inkey {$keypath} -out {$outpath} -passout pass:{$outpass}");
+ $eoutpath = escapeshellarg($outpath);
+ $eoutpass = escapeshellarg($outpass);
+ $ecrtpath = escapeshellarg($crtpath);
+ $ekeypath = escapeshellarg($keypath);
+ if ($capath) {
+ $ecapath = escapeshellarg($capath);
+ exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -certfile {$ecapath} -out {$eoutpath} -passout pass:{$eoutpass}");
+ } else
+ exec("/usr/bin/openssl pkcs12 -export -in {$ecrtpath} -inkey {$ekeypath} -out {$eoutpath} -passout pass:{$eoutpass}");
unlink($crtpath);
unlink($keypath);
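Review bot: The export password is still handed to openssl as `-passout pass:{$eoutpass}` in both `exec()` calls, so although `escapeshellarg()` closes the injection path, the secret sits in the process arguments, where local users who can list processes may read it while the command runs. openssl also accepts `-passout stdin`, `-passout fd:N` and `-passout env:VAR`, and writing the password to a pipe opened with `proc_open()` keeps it out of argv. Separately, the exit status of `exec()` is not checked before the `unlink()` calls, so a failed conversion would remove the input files without any visible error in this hunk. The function body continues past the hunk, so a later check may exist.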
diff --git a/config/openvpn-client-export/vpn_openvpn_export.php b/config/openvpn-client-export/vpn_openvpn_export.php
index 01a0507a..5c84ac80 100755
--- a/config/openvpn-client-export/vpn_openvpn_export.php
+++ b/config/openvpn-client-export/vpn_openvpn_export.php
@@ -425,22 +425,22 @@ function download_begin(act, i) {
var dlurl;
dlurl = "/vpn_openvpn_export.php?act=" + act;
- dlurl += "&srvid=" + servers[index][0];
+ dlurl += "&srvid=" + escape(servers[index][0]);
if (users[i]) {
- dlurl += "&usrid=" + users[i][0];
- dlurl += "&crtid=" + users[i][1];
+ dlurl += "&usrid=" + escape(users[i][0]);
+ dlurl += "&crtid=" + escape(users[i][1]);
}
- dlurl += "&useaddr=" + useaddr;
- dlurl += "&usetoken=" + usetoken;
+ dlurl += "&useaddr=" + escape(useaddr);
+ dlurl += "&usetoken=" + escape(usetoken);
if (usepass)
- dlurl += "&password=" + pass;
+ dlurl += "&password=" + escape(pass);
if (useproxy) {
- dlurl += "&proxy_addr=" + proxyaddr;
- dlurl += "&proxy_port=" + proxyport;
- dlurl += "&proxy_authtype=" + proxyauth;
+ dlurl += "&proxy_addr=" + escape(proxyaddr);
+ dlurl += "&proxy_port=" + escape(proxyport);
+ dlurl += "&proxy_authtype=" + escape(proxyauth);
if (useproxypass) {
- dlurl += "&proxy_user=" + proxyuser;
- dlurl += "&proxy_password=" + proxypass;
+ dlurl += "&proxy_user=" + escape(proxyuser);
+ dlurl += "&proxy_password=" + escape(proxypass);
}
}
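Review bot: `escape()` is the wrong encoder for the query-string values added here: it leaves `+` untouched, which PHP decodes as a space on the server, and it emits `%uXXXX` for characters outside Latin-1, which PHP's URL decoding does not understand. A password or proxy password containing `+` or such characters would arrive altered and end up wrong in the exported bundle. `encodeURIComponent()` handles both cases, e.g. `dlurl += "&password=" + encodeURIComponent(pass);`, and the same applies to every added line. The passwords also still travel in a GET URL, so they can land in web server logs and browser history, which a POST would avoid. `download_begin` starts and ends outside the hunk.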