android: Validate proposal strings when importing profiles
authorTobias Brunner <tobias@strongswan.org>
Fri, 17 Nov 2017 16:45:52 +0000 (17:45 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Nov 2017 17:11:43 +0000 (18:11 +0100)
src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java

index 97ba11b..43c0035 100644 (file)
@@ -59,6 +59,7 @@ import org.strongswan.android.security.TrustedCertificateEntry;
 import org.strongswan.android.ui.widget.TextInputLayoutHelper;
 import org.strongswan.android.utils.Constants;
 import org.strongswan.android.utils.IPRangeSet;
+import org.strongswan.android.utils.Utils;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -497,8 +498,8 @@ public class VpnProfileImportActivity extends AppCompatActivity
                        }
                }
 
-               profile.setIkeProposal(obj.optString("ike-proposal", null));
-               profile.setEspProposal(obj.optString("esp-proposal", null));
+               profile.setIkeProposal(getProposal(obj, "ike-proposal", true));
+               profile.setEspProposal(getProposal(obj, "esp-proposal", false));
                profile.setMTU(getInteger(obj, "mtu", Constants.MTU_MIN, Constants.MTU_MAX));
                profile.setNATKeepAlive(getInteger(obj, "nat-keepalive", Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX));
                JSONObject split = obj.optJSONObject("split-tunneling");
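Review bot: The two `getProposal(...)` calls fail differently from the `getInteger(...)` calls directly below them, and nothing at the call site says this is deliberate. An invalid proposal now aborts the whole import with a `JSONException`, whereas the `getInteger` return line visible in the next hunk yields `null` for an out-of-range value. Failing closed looks like the right choice here, since dropping a proposal would presumably leave the profile on default algorithms rather than the ones its author required. A short comment above the two calls would record that, e.g. `// invalid proposals abort the import instead of being dropped`. The bare `true`/`false` arguments would also read better with a trailing `/* ike */` marker or two named constants.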
@@ -536,6 +537,19 @@ public class VpnProfileImportActivity extends AppCompatActivity
                return res < min || res > max ? null : res;
        }
 
+       private String getProposal(JSONObject obj, String key, boolean ike) throws JSONException
+       {
+               String value = obj.optString(key, null);
+               if (!TextUtils.isEmpty(value))
+               {
+                       if (!Utils.isProposalValid(ike, value))
+                       {
+                               throw new JSONException(getString(R.string.profile_import_failed_value, key));
+                       }
+               }
+               return value;
+       }
+
        private String getSubnets(JSONObject split, String key) throws JSONException
        {
                ArrayList<String> subnets = new ArrayList<>();
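Review bot: `getProposal` returns an empty string unchanged, so `"ike-proposal": ""` from an imported file skips `Utils.isProposalValid` and is stored in the profile as `""` rather than `null`. Whether later code treats `""` the same as an unset proposal is not visible in this hunk. Normalising it here would give "no custom proposal" a single representation: `return TextUtils.isEmpty(value) ? null : value;`. The method also lacks a Javadoc comment. It should state that `ike` selects IKE versus ESP validation, that a missing key yields `null`, and that a non-empty invalid value raises a `JSONException` naming the key. `getSubnets` at the end of the hunk continues outside it and is not reviewed here.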