diff options
| author | Christian Poessinger <christian@poessinger.com> | 2022-09-14 16:34:20 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-14 16:34:20 +0200 |
| commit | f379df09d8392bda6b081dc8668b435d2d806478 (patch) | |
| tree | 77cc738572f2cab6843f1b1b282c5c2966cefc15 | |
| parent | 2309f4075831778e9e23a031eac10f17f40f79bd (diff) | |
| parent | f7bab4058d8677079db32bdc2e6c452267b98694 (diff) | |
| download | vyos-1x-f379df09d8392bda6b081dc8668b435d2d806478.tar.gz vyos-1x-f379df09d8392bda6b081dc8668b435d2d806478.zip | |
Merge pull request #1530 from sever-sever/T4679
openvpn: T4679: Fix incorrect verify local and remote address
| -rw-r--r-- | python/vyos/util.py | 8 | ||||
| -rwxr-xr-x | src/conf_mode/interfaces-openvpn.py | 3 |
2 files changed, 9 insertions, 2 deletions
diff --git a/python/vyos/util.py b/python/vyos/util.py index 325b630bc..461df9a6e 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -1,4 +1,4 @@ -# Copyright 2020-2021 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2020-2022 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -471,6 +471,12 @@ def process_named_running(name): return p.pid return None +def is_list_equal(first: list, second: list) -> bool: + """ Check if 2 lists are equal and list not empty """ + if len(first) != len(second) or len(first) == 0: + return False + return sorted(first) == sorted(second) + def is_listen_port_bind_service(port: int, service: str) -> bool: """Check if listen port bound to expected program name :param port: Bind port diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py index ef745d737..8155f36c2 100755 --- a/src/conf_mode/interfaces-openvpn.py +++ b/src/conf_mode/interfaces-openvpn.py @@ -55,6 +55,7 @@ from vyos.util import chown from vyos.util import cmd from vyos.util import dict_search from vyos.util import dict_search_args +from vyos.util import is_list_equal from vyos.util import makedir from vyos.util import read_file from vyos.util import write_file @@ -274,7 +275,7 @@ def verify(openvpn): elif v6remAddr and not v6loAddr: raise ConfigError('IPv6 "remote-address" requires IPv6 "local-address"') - if (v4loAddr == v4remAddr) or (v6remAddr == v4remAddr): + if is_list_equal(v4loAddr, v4remAddr) or is_list_equal(v6loAddr, v6remAddr): raise ConfigError('"local-address" and "remote-address" cannot be the same') if dict_search('local_host', openvpn) in dict_search('local_address', openvpn): |