[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfire-development
Subject:    Re: [PATCH 2/2] proxy.cgi: fix subnet comparison
From:       "Tom Rymes" <trymes () rymes ! com>
Date:       2018-02-11 20:47:31
Message-ID: A8DB05C9-B46B-4894-900B-46202E23423F () rymes ! com
[Download RAW message or body]

Bernhard,

Does any of this also apply to the subnet comparisons made when adding subnets in the \
"Firewall Groups" portion of the WUI?

Tom

> On Feb 11, 2018, at 1:52 PM, Bernhard Held <berny156@gmx.de> wrote:
> 
> The logic of subnet comparison is broken. E.g. if the blue netmask is
> 255.255.255.0, it's impossible to add a VPN subnet with the same netmask.
> The proposed patch compares the subnets individually.
> ---
> html/cgi-bin/proxy.cgi | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index ea3b41126..4993dde86 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3066,8 +3066,8 @@ END
> @temp = split(/\//);
> chomp $temp[1];
> if (
> -                    ($temp[0] ne $netsettings{'GREEN_NETADDRESS'}) && ($temp[1] ne \
>                 $netsettings{'GREEN_NETMASK'}) &&
> -                    ($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) && ($temp[1] ne \
> $netsettings{'BLUE_NETMASK'}) +                    (($temp[0] ne \
> $netsettings{'GREEN_NETADDRESS'}) || ($temp[1] ne $netsettings{'GREEN_NETMASK'})) \
> && +                    (($temp[0] ne $netsettings{'BLUE_NETADDRESS'}) || ($temp[1] \
> ne $netsettings{'BLUE_NETMASK'})) )
> {
> print FILE " ||\n     (isInNet(myIpAddress(), \"$temp[0]\", \"$temp[1]\"))";
> -- 
> 2.16.1
> 


[prev in list] [next in list] [prev in thread] [next in thread]