From f1312cadc6675fb29d02425775dd8a2a533d7e7c Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 7 Feb 2023 11:52:17 +0100 Subject: luci-proto-openconnect: fix server url validation The OpenConnect configuration form incorrectly assumed that the server setting must be hostname while it actually may be a full URL. Fixes: #6184 Signed-off-by: Jo-Philipp Wich --- .../luci-static/resources/protocol/openconnect.js | 41 ++++++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol') diff --git a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js index 91ad65cb34..e38afdc201 100644 --- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js +++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js @@ -2,6 +2,7 @@ 'require rpc'; 'require form'; 'require network'; +'require validation'; var callGetCertificateFiles = rpc.declare({ object: 'luci.openconnect', @@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', { o.value('pulse', 'Pulse Connect Secure SSL VPN'); o = s.taboption('general', form.Value, 'server', _('VPN Server')); - o.datatype = 'host(0)'; + o.validate = function(section_id, value) { + var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i); + + if (!m) + return _('Invalid server URL'); + + if (m[1] != null) { + if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i)) + return _('Unsupported protocol'); + } + + if (m[2] != null) { + if (!validation.parseIPv6(m[2])) + return _('Invalid IPv6 address'); + } + + if (m[3] != null) { + if (!validation.parseIPv4(m[3])) { + if (!(m[3].length <= 253 && + (m[3].match(/^[a-zA-Z0-9_]+$/) != null || + (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) && + m[3].match(/[^0-9.]/))))) + return _('Invalid hostname or IPv4 address'); + } + } + + if (m[4] != null) { + var p = +m[4]; + + if (p < 0 || p > 65535) + return _('Invalid port'); + } + + return true; + }; o = s.taboption('general', form.Value, 'port', _('VPN Server port')); o.placeholder = '443'; @@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', { o = s.taboption('general', form.Value, 'password2', _('Password2')); o.password = true; - + o = s.taboption('general', form.Value, 'proxy', _('Proxy Server')); o.optional = true; @@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', { o.optional = true; o.placeholder = 1406; o.datatype = 'range(68, 9200)'; - + o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout')); o.optional = true; o.placeholder = 300; -- cgit v1.2.3