From a2208dbc5ac143a85bc6e038afd24bd18e9f461f Mon Sep 17 00:00:00 2001
From: Conrad Lara - KG6JEI <KG6JEI@amsat.org>
Date: Sun, 5 Mar 2017 16:57:37 -0800
Subject: [PATCH] bugfix: Prevent users from uploading files when tunnels are
 active.

If a user tries to upload a file (especially firmware images) while
a tunnel is active the nodes run a high risk of running out of
available RAM.

Change-Id: I6c31a5c641c7266f337aa4b209367ae0491703ad
---
 files/www/cgi-bin/admin | 31 +++++++++++++++++++++++++++----
 files/www/help.html     |  7 +++++++
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/files/www/cgi-bin/admin b/files/www/cgi-bin/admin
index 4e9e5fea..37587363 100755
--- a/files/www/cgi-bin/admin
+++ b/files/www/cgi-bin/admin
@@ -57,7 +57,24 @@ sub firmware_list_gen
 
 $debug = 0;
 $| = 1;
-read_postdata({acceptfile => true});
+
+$tunnel_active= 0;
+if ( -e "/usr/sbin/vtund" && open(my $tuncfgfd, '/etc/config/vtun')) {
+    while ( my $line = <$tuncfgfd> ) {
+        if ( $line =~ /option enabled '1'/i ) {
+            $tunnel_active = 1;
+            last;
+        }
+    }
+}
+
+
+if ( $tunnel_active ) {
+    read_postdata({acceptfile => false});
+} else {
+    read_postdata({acceptfile => true});
+}
+
 reboot_page("/cgi-bin/status") if $parms{button_reboot};
 read_query_string();
 $node = nvram_get("node");
@@ -557,7 +574,9 @@ print "<tr><td align=center colspan=3>current version: $fw_version</td></tr>\n";
 print "<tr>\n";
 print "<td>Upload Firmware</td>\n";
 print "<td><input type=file name=firmfile title='choose the firmware file to install from your hard drive'></td>\n";
-print "<td align=center><input type=submit name=button_ul_fw value=Upload title='install the firmware'></td>\n";
+print "<td align=center><input type=submit name=button_ul_fw value=Upload title='install the firmware'";
+if($tunnel_active) { print " disabled"; };
+print "></td>\n";
 print "</tr>\n";
 
 print "<tr>\n";
@@ -601,7 +620,9 @@ if(@pkg_output)
 print "<tr>\n";
 print "<td>Upload Package</td>\n";
 print "<td><input type=file name=ul_pkg title='choose the .ipk file to install from your hard drive'> </td>\n";
-print "<td align=center><input type=submit name=button_ul_pkg value=Upload title='install the package'></td>\n";
+print "<td align=center><input type=submit name=button_ul_pkg value=Upload title='install the package'";
+if($tunnel_active) { print " disabled"; };
+print "></td>\n";
 print "</tr>\n";
 
 print "<tr>\n";
@@ -652,7 +673,9 @@ if(@key_output)
 print "<tr>\n";
 print "<td>Upload Key</td>\n";
 print "<td><input type=file name=sshkey title='choose the id_rsa.pub file to install from your hard drive'></td>\n";
-print "<td align=center><input type=submit name=button_ul_key value=Upload title='install the key'></td>\n";
+print "<td align=center><input type=submit name=button_ul_key value=Upload title='install the key'";
+if($tunnel_active) { print " disabled"; };
+print "></td>\n";
 print "</tr>\n";
 
 print "<tr>\n";
diff --git a/files/www/help.html b/files/www/help.html
index 68d32d48..e1704982 100644
--- a/files/www/help.html
+++ b/files/www/help.html
@@ -644,6 +644,13 @@ size will be translated into the new subnet address space.
 </p>
 <br><br><hr>
 <a name=admin><h2>Administration</h2></a>
+<p>
+<strong>Note:</strong></br>Files can not be uploaded to a node while a tunnel
+server or client connection is enabled. To upload any file (firmware, package
+or ssh key) you must ensure all tunnel servers and clients are disabled.</br>
+Upload buttons will be disabled until tunnels are disabled.
+</p>
+
 <p>
 <strong>Firmware Update</strong> is how new firmware is installed on the node.
 If you have a firmware image on your computer, click