- This patch corrects the encoding section which was incorrectly set up to have the encoding set up when the BASE_64 parameter was set to YES. This meant that the encoded PSK was then encoded a further time and the ipsec.secrets file PSK entry was set as the decoded version of that twice encoded PSK. This could then happen again and again with the PSK being encoded twice or more times. - This patch only base64 encodes the PSK if the BASE_64 paramter is not set to YES, which means set to empty. - This patch set has been tested with PSK's from restored backaups from when the PSK was not base64 encoded. It has also been tested on non base64 encoded PSK's that have then had the Save button on the PSK edit screen pressed and also on PSK's that have already been base64 encoded. In all cases the correct base64 encoding was carried out and multiple Saves of the PSK Edit screen no longer give further base64 encodings of the already base64 encoded PSK. - The problem with the original patch for this issue was that the emcoding was not done for the correct BASE_64 status.
Fixes: Bug13833 Tested-by: Adolf Belka <[email protected]> Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/vpnmain.cgi | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 1c9f9243b..778ec25c4 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1879,7 +1879,7 @@ END } if ($cgiparams{'AUTH'} eq 'psk') { - $cgiparams{'BASE_64'} = 'YES'; + $cgiparams{'BASE_64'} = $confighash{$cgiparams{'KEY'}}[40]; if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; goto VPNCONF_ERROR; @@ -2248,7 +2248,7 @@ END my $key = $cgiparams{'KEY'}; if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 40) { $confighash{$key}[$i] = "";} } $confighash{$key}[0] = $cgiparams{'ENABLED'}; $confighash{$key}[1] = $cgiparams{'NAME'}; @@ -2259,11 +2259,10 @@ END if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; if ($cgiparams{'BASE_64'} eq 'YES') { + $confighash{$key}[5] = $cgiparams{'PSK'}; + } else { $confighash{$key}[5] = MIME::Base64::encode_base64($cgiparams{'PSK'}, ""); $confighash{$key}[40] = 'YES'; - } else { - $confighash{$key}[5] = $cgiparams{'PSK'}; - $confighash{$key}[40] = ''; } } else { $confighash{$key}[4] = 'cert'; -- 2.49.0
