luci-proto-openconnect: fix server url validation

The OpenConnect configuration form incorrectly assumed that the server setting must be hostname while it actually may be a full URL. Fixes: #6184 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-02-07 11:52:17 +01:00 · 2023-02-07 11:52:17 +01:00 · b200e0e90f
parent 41e9b8d121
commit b200e0e90f
1 changed files with 38 additions and 3 deletions
--- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
+++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
@ -2,6 +2,7 @@
 'require rpc';
 'require form';
 'require network';
+'require validation';

 var callGetCertificateFiles = rpc.declare({
 	object: 'luci.openconnect',
@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', {
 		o.value('pulse', 'Pulse Connect Secure SSL VPN');

 		o = s.taboption('general', form.Value, 'server', _('VPN Server'));
-		o.datatype = 'host(0)';
+		o.validate = function(section_id, value) {
+			var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i);
+
+			if (!m)
+				return _('Invalid server URL');
+
+			if (m[1] != null) {
+				if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i))
+					return _('Unsupported protocol');
+			}
+
+			if (m[2] != null) {
+				if (!validation.parseIPv6(m[2]))
+					return _('Invalid IPv6 address');
+			}
+
+			if (m[3] != null) {
+				if (!validation.parseIPv4(m[3])) {
+					if (!(m[3].length <= 253 &&
+					      (m[3].match(/^[a-zA-Z0-9_]+$/) != null ||
+					       (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
+					        m[3].match(/[^0-9.]/)))))
+						return _('Invalid hostname or IPv4 address');
+				}
+			}
+
+			if (m[4] != null) {
+				var p = +m[4];
+
+				if (p < 0 || p > 65535)
+					return _('Invalid port');
+			}
+
+			return true;
+		};

 		o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
 		o.placeholder = '443';
@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', {

 		o = s.taboption('general', form.Value, 'password2', _('Password2'));
 		o.password = true;
-	
+
 		o = s.taboption('general', form.Value, 'proxy', _('Proxy Server'));
 		o.optional = true;

@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', {
 		o.optional = true;
 		o.placeholder = 1406;
 		o.datatype = 'range(68, 9200)';
-		
+
 		o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout'));
 		o.optional = true;
 		o.placeholder = 300;