WG tunnel download validation. Fixes #12731

pfsense · Jan 26, 2022 · 6914215 · 6914215
1 parent 3364533
commit 6914215
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 19 deletions.
diff --git a/net/pfSense-pkg-WireGuard/Makefile b/net/pfSense-pkg-WireGuard/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	pfSense-pkg-WireGuard
 PORTVERSION=	0.1.6
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/includes/wg.inc b/net/pfSense-pkg-WireGuard/files/usr/local/pkg/wireguard/includes/wg.inc
@@ -919,6 +919,8 @@ function wg_make_tunnel_conf_file($tunnel, $include_endpoint = false) {
 function wg_download_tunnel($tunnel_name, $failure_redirect) {
 	global $wgg;
 
+	$tunnel_name = basename(trim($tunnel_name));
+
 	// Fetch and build the latest info
 	wg_resync();
 

diff --git a/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php b/net/pfSense-pkg-WireGuard/files/usr/local/www/wg/vpn_wg_tunnels.php
@@ -63,27 +63,44 @@
 
 	if (isset($_POST['tun'])) {
 		$tun_name = $_POST['tun'];
-		switch ($_POST['act']) {
-			case 'download':
-				wg_download_tunnel($tun_name, '/wg/vpn_wg_tunnels.php');
-				exit();
-				break;
-
-			case 'toggle':
-				$res = wg_toggle_tunnel($tun_name);
-				break;
-
-			case 'delete':
-				$res = wg_delete_tunnel($tun_name);
-				break;
-
-			default:
-				// Shouldn't be here, so bail out.
-				header('Location: /wg/vpn_wg_tunnels.php');
-				break;
+
+		/* Check if the submitted tunnel exists
+		 * https://redmine.pfsense.org/issues/12731
+		 */
+		$tun_found = false;
+		if (is_array($wgg['tunnels']) && count($wgg['tunnels']) > 0) {
+			foreach ($wgg['tunnels'] as $tunnel) {
+				if ($tunnel['name'] == $tun_name) {
+					$tun_found = true;
+					break;
+				}
+			}
 		}
 
-		$input_errors = $res['input_errors'];
+		if ($tun_found) {
+			switch ($_POST['act']) {
+				case 'download':
+					wg_download_tunnel($tun_name, '/wg/vpn_wg_tunnels.php');
+					exit();
+					break;
+				case 'toggle':
+					$res = wg_toggle_tunnel($tun_name);
+					break;
+				case 'delete':
+					$res = wg_delete_tunnel($tun_name);
+					break;
+				default:
+					// Shouldn't be here, so bail out.
+					header('Location: /wg/vpn_wg_tunnels.php');
+					break;
+			}
+			$input_errors = $res['input_errors'];
+		} else {
+			/* User submitted a tunnel that does not exist, so bail.
+			 * https://redmine.pfsense.org/issues/12731
+			 */
+			$input_errors = array(gettext("The requested tunnel does not exist."));
+		}
 
 		if (empty($input_errors)) {
 			if (wg_is_service_running() && $res['changes']) {