summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2022-09-15 15:07:40 +0100
committerGitHub <noreply@github.com>2022-09-15 15:07:40 +0100
commite57146723fd791d71ac9659f9247a8827c151c97 (patch)
treec75c86280700659da8eb2b53eaa8fdf7d3406b62
parentb9678136eac767ece3d5a5e53f9f2b9c47c7477a (diff)
parent3629f376c26bbc22b94fbd5e9bbe789d08e2caa6 (diff)
downloadvyos-1x-e57146723fd791d71ac9659f9247a8827c151c97.tar.gz
vyos-1x-e57146723fd791d71ac9659f9247a8827c151c97.zip
Merge pull request #1539 from sever-sever/T4679-eq
openvpn: T4679: Fix incorrect verify local and remote address 1.3
-rw-r--r--python/vyos/util.py7
-rwxr-xr-xsrc/conf_mode/interfaces-openvpn.py3
2 files changed, 8 insertions, 2 deletions
diff --git a/python/vyos/util.py b/python/vyos/util.py
index 554614b30..1c4102e90 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -1,4 +1,4 @@
-# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -623,6 +623,11 @@ def is_admin() -> bool:
(_, _, _, admin_group_members) = getgrnam('sudo')
return current_user in admin_group_members
+def is_list_equal(first: list, second: list) -> bool:
+ """ Check if 2 lists are equal and list not empty """
+ if len(first) != len(second) or len(first) == 0:
+ return False
+ return sorted(first) == sorted(second)
def mac2eui64(mac, prefix=None):
"""
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 7d20b3fd0..fe5898282 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -43,6 +43,7 @@ from vyos.util import chown
from vyos.util import chmod_600
from vyos.util import cmd
from vyos.util import dict_search
+from vyos.util import is_list_equal
from vyos.util import makedir
from vyos.validate import is_addr_assigned
@@ -159,7 +160,7 @@ def verify(openvpn):
elif v6remAddr and not v6loAddr:
raise ConfigError('IPv6 "remote-address" requires IPv6 "local-address"')
- if (v4loAddr == v4remAddr) or (v6remAddr == v4remAddr):
+ if is_list_equal(v4loAddr, v4remAddr) or is_list_equal(v6loAddr, v6remAddr):
raise ConfigError('"local-address" and "remote-address" cannot be the same')
if dict_search('local_host', openvpn) in dict_search('local_address', openvpn):