[pve-devel] [PATCH] Added ipv4 validation, forbid network and broadcast addresses

Damien PIQUET piqudam at gmail.com
Tue Feb 26 17:55:30 CET 2013


Signed-off-by: Damien PIQUET <piqudam at gmail.com>
---
 PVE/API2/Network.pm |   16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index 979063c..850470e 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -12,6 +12,7 @@ use PVE::RPCEnvironment;
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::AccessControl;
 use IO::File;
+use Net::IP qw(:PROC);
 
 use base qw(PVE::RESTHandler);
 
@@ -159,6 +160,17 @@ my $check_duplicate_gateway = sub {
     }
 };
 
+my $check_ipv4_settings = sub {
+    my $param = $_[0];
+
+    my $binip = Net::IP::ip_iptobin($param->{address}, 4);
+    my $binmask = Net::IP::ip_iptobin($param->{netmask}, 4);
+    my $broadcast = Net::IP::ip_to_bin('255.255.255.255', 4);
+    my $binhost = $binip | $binmask;
+
+    raise_param_exc({ address => "$param->{address} is not a valid host ip address." })
+        if ($binhost eq $binmask) || ($binhost eq $broadcast);
+};
 
 __PACKAGE__->register_method({
     name => 'create_network', 
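Review bot: The `$broadcast` line calls `Net::IP::ip_to_bin`, which Net::IP does not provide as far as I know (its conversion helper is `ip_iptobin`, used two lines above), so the closure would die with an undefined-subroutine error on its first call and every create or update would fail. Use `my $broadcast = Net::IP::ip_iptobin('255.255.255.255', 4);` or simply `'1' x 32`. The test also rejects every address under a 255.255.255.255 netmask and both addresses under 255.255.255.254, because `$binip | $binmask` then always equals the mask or the all-ones string; if /31 and /32 are meant to be configurable, skip the comparison for those masks. A short comment that `|` here is Perl's string-wise OR over '0'/'1' characters, and so depends on both operands being strings, would help the next reader.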
@@ -192,6 +204,8 @@ __PACKAGE__->register_method({
 	    &$check_duplicate_gateway($config, $iface)
 		if $param->{gateway};
 
+	    &$check_ipv4_settings($param);
+
 	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
 
 	    $config->{$iface} = $param;
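Review bot: `&$check_ipv4_settings($param);` runs unconditionally, unlike the gateway check directly above it, which is guarded by `if $param->{gateway}`, yet the next line shows that `address` may be absent (method 'manual'). With no address or netmask the closure passes undefined values to `ip_iptobin` and interpolates an undefined address into the error message. What the helper returns for such input is not visible here, but two all-zero results would trip the `$binhost eq $binmask` test and reject an interface that has no IP at all. Guard the call, e.g. `&$check_ipv4_settings($param) if $param->{address} && $param->{netmask};`; the same applies to the call added in the update handler (hunk at -247/+261). The enclosing handler starts and ends outside the hunk.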
@@ -247,6 +261,8 @@ __PACKAGE__->register_method({
 	    &$check_duplicate_gateway($config, $iface)
 		if $param->{gateway};
 
+	    &$check_ipv4_settings($param);
+
 	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
 
 	    foreach my $k (keys %$param) {
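Review bot: In the update path the check sees only the request's `$param`, because the merge into the stored interface (`foreach my $k (keys %$param)`) comes after it. If this endpoint accepts a request that changes only `address` or only `netmask` (not visible from the hunk), the new value is never compared with its stored counterpart, so a netmask change could turn an existing address into the network or broadcast address unnoticed. Consider running the check on the merged interface settings, after the loop and before the configuration is written. The handler body continues outside the hunk.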
-- 
1.7.10.4



