Commit 28bd65f7 authored by Damien PIQUET's avatar Damien PIQUET Committed by Dietmar Maurer

Added ipv4 validation, forbid network and broadcast addresses

Signed-off-by: 's avatarDamien PIQUET <piqudam@gmail.com>
parent 499c7b4d
...@@ -12,6 +12,7 @@ use PVE::RPCEnvironment; ...@@ -12,6 +12,7 @@ use PVE::RPCEnvironment;
use PVE::JSONSchema qw(get_standard_option); use PVE::JSONSchema qw(get_standard_option);
use PVE::AccessControl; use PVE::AccessControl;
use IO::File; use IO::File;
use Net::IP qw(:PROC);
use base qw(PVE::RESTHandler); use base qw(PVE::RESTHandler);
...@@ -159,6 +160,17 @@ my $check_duplicate_gateway = sub { ...@@ -159,6 +160,17 @@ my $check_duplicate_gateway = sub {
} }
}; };
my $check_ipv4_settings = sub {
my $param = $_[0];
my $binip = Net::IP::ip_iptobin($param->{address}, 4);
my $binmask = Net::IP::ip_iptobin($param->{netmask}, 4);
my $broadcast = Net::IP::ip_to_bin('255.255.255.255', 4);
my $binhost = $binip | $binmask;
raise_param_exc({ address => "$param->{address} is not a valid host ip address." })
if ($binhost eq $binmask) || ($binhost eq $broadcast);
};
__PACKAGE__->register_method({ __PACKAGE__->register_method({
name => 'create_network', name => 'create_network',
...@@ -192,6 +204,8 @@ __PACKAGE__->register_method({ ...@@ -192,6 +204,8 @@ __PACKAGE__->register_method({
&$check_duplicate_gateway($config, $iface) &$check_duplicate_gateway($config, $iface)
if $param->{gateway}; if $param->{gateway};
&$check_ipv4_settings($param);
$param->{method} = $param->{address} ? 'static' : 'manual'; $param->{method} = $param->{address} ? 'static' : 'manual';
$config->{$iface} = $param; $config->{$iface} = $param;
...@@ -247,6 +261,8 @@ __PACKAGE__->register_method({ ...@@ -247,6 +261,8 @@ __PACKAGE__->register_method({
&$check_duplicate_gateway($config, $iface) &$check_duplicate_gateway($config, $iface)
if $param->{gateway}; if $param->{gateway};
&$check_ipv4_settings($param);
$param->{method} = $param->{address} ? 'static' : 'manual'; $param->{method} = $param->{address} ? 'static' : 'manual';
foreach my $k (keys %$param) { foreach my $k (keys %$param) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment