search

dperson / openvpn-client

GNU Affero General Public License v3.0
1.06k stars 589 forks source link

openvpn.sh REGEX bug for $VPN_AUTH #376

Open ddurbin opened 3 years ago

ddurbin commented 3 years ago

There is a bug in the openvpn.sh script when passing with -a flag. The result is an unbound variable error.

/usr/bin/openvpn.sh: line 347: r: unbound variable

The fix is to replace lines 346 and 347 with below:

[[ "${VPN_AUTH:-}" ]] && eval vpn_auth $(sed 's/^/"/; s/\$/\\$/; s/$/"/; s/;/" "/g' <<< $VPN_AUTH)

panos-stavrianos commented 2 years ago

I guess a little off topic

There is also a problem when the password contains ";" I managed to solve it using this code, but I don't really know what I am doing.

ovpn_username="$(sed 's/;.*//' <<< "$VPN_AUTH")"
ovpn_password="$(sed 's/^[^;]*;//' <<< "$VPN_AUTH")"
vpn_auth "$ovpn_username" "$ovpn_password"
PrivatePuffin commented 2 years ago

Sanitisation of input needs a complete overhaul.

@panos-stavrianos Could you send-in a PR for this?