[pve-devel] [PATCH] Added ipv4 validation, forbid network and broadcast addresses
Damien PIQUET
piqudam at gmail.com
Tue Feb 26 17:55:30 CET 2013
Signed-off-by: Damien PIQUET <piqudam at gmail.com>
---
PVE/API2/Network.pm | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index 979063c..850470e 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -12,6 +12,7 @@ use PVE::RPCEnvironment;
use PVE::JSONSchema qw(get_standard_option);
use PVE::AccessControl;
use IO::File;
+use Net::IP qw(:PROC);
use base qw(PVE::RESTHandler);
@@ -159,6 +160,17 @@ my $check_duplicate_gateway = sub {
}
};
+my $check_ipv4_settings = sub {
+ my $param = $_[0];
+
+ my $binip = Net::IP::ip_iptobin($param->{address}, 4);
+ my $binmask = Net::IP::ip_iptobin($param->{netmask}, 4);
+ my $broadcast = Net::IP::ip_to_bin('255.255.255.255', 4);
+ my $binhost = $binip | $binmask;
+
+ raise_param_exc({ address => "$param->{address} is not a valid host ip address." })
+ if ($binhost eq $binmask) || ($binhost eq $broadcast);
+};
__PACKAGE__->register_method({
name => 'create_network',
@@ -192,6 +204,8 @@ __PACKAGE__->register_method({
&$check_duplicate_gateway($config, $iface)
if $param->{gateway};
+ &$check_ipv4_settings($param);
+
$param->{method} = $param->{address} ? 'static' : 'manual';
$config->{$iface} = $param;
@@ -247,6 +261,8 @@ __PACKAGE__->register_method({
&$check_duplicate_gateway($config, $iface)
if $param->{gateway};
+ &$check_ipv4_settings($param);
+
$param->{method} = $param->{address} ? 'static' : 'manual';
foreach my $k (keys %$param) {
--
1.7.10.4
More information about the pve-devel
mailing list