From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: network@lists.ipfire.org Subject: Re: [network] [PATCH] pppoe-server: Check for valid network Date: Thu, 15 Oct 2015 15:50:50 +0100 Message-ID: <1444920650.18375.43.camel@ipfire.org> In-Reply-To: <1444916992-7458-1-git-send-email-stefan.schantl@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5732133388006950557==" List-Id: --===============5732133388006950557== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, there are some issues with this patch. On Thu, 2015-10-15 at 15:49 +0200, Stefan Schantl wrote: > The pppoe-server did not proper check if a valid > IPv4 or IPv6 network has been specified. > > Signed-off-by: Stefan Schantl > --- > src/hooks/configs/pppoe-server | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/src/hooks/configs/pppoe-server b/src/hooks/configs/pppoe > -server > index 1ef3ba9..ac9b90a 100644 > --- a/src/hooks/configs/pppoe-server > +++ b/src/hooks/configs/pppoe-server > @@ -42,6 +42,12 @@ hook_check_config_settings() { > assert isset SUBNET > assert isset MAX_SESSIONS > > + # Check input. > + if ! ip_is_network "${SUBNET}"; then > + log ERROR "Invalid subnet. Please provide a valid > IPv6 or IPv4 network." > + return ${EXIT_ERROR} > + fi > + This will only validate the input when it is written to the configuration file or read from the configuration file. I think this should be as fast as possible and not clutter the log when something is going wrong. The user should get an error when the input is received from the command line (that is a bit further down in the file). The PPPoE server does NOT handle and IPv6 addresses here. It supports IPv6, but IP addresses are not handed out in the same style as on an IPv4 PPP link. You will have to check for IPv4 only. You should also check if the subnet is big enough. Please consider sending more patches that validate the rest of the configuration. > local server > for server in ${DNS_SERVERS}; do > assert ipv4_is_valid "${server}" -Michael --===============5732133388006950557== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSldINzFLQUFvSkVJQjU4UDl2a0FrSCtCZ1AvaXk3RmdlSm90eHloYVNuYzB5UEx0Ry8K RVpaa1J4MStVdTZ4c0hjOFVlS1ZxV1B6Mi9EYUhXZG14Q0xmM2thQ2JVZElEclpQMG55UlhGSkFX a2ZCU05GRQo0dEpuQVVkWkNtenpUVTVlQWNFbjFwYmQ0RHFtNjRoc2MraHZkWTU3c01IY3NrS0dK ZGRwMDR5TEtkTDJLU0tGCjJGRFlEYUU4bWhsK3dyd0FCbEFqc1FKa29IcUVHVEtjRUlpZG5uMTMz WjVNTStkZWJUTFNCK3ZDTFB4ck9KZ0oKQlhFamhTNExjbWxzQjFaRzdRNitTWGszQkJrVGRINmwz VGkzT3ZBVTJ3NGpzKzhoRVVybWVuOUlJNjI0eTVodQpua1E1TmJCa25VQVoyZUdVdTZiUUFYR2xU NjBXcTI3WmRIek93SmJFT1M2NmVBSnNhLzFrck9hcjNmR1ZSMmpqCmhaN0w5L3JhVm55clhobm1n ODJKYjFCY2RNNVp0aGJROVBBTWtLUTFyZjVUckxZUjhLY3RGT3IwUldsbFk5KzAKQjVDSXJLdWsw ZWNFMDNRaHRtSFhDR3FHeFNrOGhGNkRDOERiaXZ4Z3lkbVdrTkdRVVQvcENmTlZDaTlCK09Sdwp1 UnN4WFdZcVZuRXlQb2lQQzNVNWM3dC9qRCtKdTRiWlRHRTA1RHk3ZTJtZkxiMjM5am4yWGZvWWhY NVpmTFFYCnVXRCsrVW9ieFpZbExmQk8zL2tDZUpqYTVOMWlWeVRXdVdVNjRrSEhranZCUHNRWWlv SUQydDlRMmVpb2RuTlIKWXBsZHZrUG5pb1dmeW9YVEo2bnlpYlg5V3NBUmVpZDF3V2Q2QzNOOUkx aEwxRUJpUXNiMFBlWVU4Z1dBNE9NTQpwRjl2ZFI2d0FZRFczQndYWGwxOAo9NFJCWQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============5732133388006950557==--