From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: network@lists.ipfire.org
Subject: Re: [network] [PATCH] pppoe-server: Check for valid network
Date: Fri, 06 Nov 2015 15:00:59 +0000
Message-ID: <1446822059.2699.64.camel@ipfire.org>
In-Reply-To: <1444920650.18375.43.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6805519018856417280=="
List-Id:

--===============6805519018856417280==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Is there any update on this?

-Michael

On Thu, 2015-10-15 at 15:50 +0100, Michael Tremer wrote:
> Hi,
>
> there are some issues with this patch.
>
> On Thu, 2015-10-15 at 15:49 +0200, Stefan Schantl wrote:
> > The pppoe-server did not properly check if a valid
> > IPv4 or IPv6 network has been specified.
> >
> > Signed-off-by: Stefan Schantl
> > ---
> > src/hooks/configs/pppoe-server | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/src/hooks/configs/pppoe-server
> > b/src/hooks/configs/pppoe
> > -server
> > index 1ef3ba9..ac9b90a 100644
> > --- a/src/hooks/configs/pppoe-server
> > +++ b/src/hooks/configs/pppoe-server
> > @@ -42,6 +42,12 @@ hook_check_config_settings() {
> > assert isset SUBNET
> > assert isset MAX_SESSIONS
> >
> > + # Check input.
> > + if ! ip_is_network "${SUBNET}"; then
> > + log ERROR "Invalid subnet. Please provide a valid
> > IPv6 or IPv4 network."
> > + return ${EXIT_ERROR}
> > + fi
> > +
>
> This will only validate the input when it is written to the
> configuration file or read from the configuration file. I think this
> should be as fast as possible and not clutter the log when something is
> going wrong.
>
> The user should get an error when the input is received from the
> command line (that is a bit further down in the file).
>
> The PPPoE server does NOT handle any IPv6 addresses here. It supports
> IPv6, but IP addresses are not handed out in the same style as on an
> IPv4 PPP link. You will have to check for IPv4 only. You should also
> check if the subnet is big enough.
>
> Please consider sending more patches that validate the rest of the
> configuration.
>
> > local server
> > for server in ${DNS_SERVERS}; do
> > assert ipv4_is_valid "${server}"
>
> -Michael
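Review bot: The added ip_is_network "${SUBNET}" test in hook_check_config_settings() accepts either address family, and its error text asks for "a valid IPv6 or IPv4 network", while the only other address check visible in this function, the DNS_SERVERS loop in the trailing context, is IPv4-only (assert ipv4_is_valid). Restrict the subnet test to IPv4 and reword the message so the two checks agree. The block also says nothing about the size of the network, although MAX_SESSIONS is asserted two lines above it; a check that SUBNET can hold that many sessions belongs next to this one. Last, the new lines log and return ${EXIT_ERROR} where every neighbouring check fails through assert; use one failure style here, and do the user-facing validation where the value is first received, so that a bad subnet is rejected before it is written to the configuration.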
ZEdHZmxTRmhVcmFPNmdKS2YzTDNwaDN0c09KYzluT3AwTUZJYVEyN2JBdC92dzJRdTQyVE51MAo0 Rk4rSXZpWmlwU3dLMjYyRUNhUHcvQmNZcmtuSWdLRUUyOGRubTFsRG9ReUw2YW5hbjAzMzBsOXVY QW9ZSWdyCmRoTTFxdS96Q0dFSWpjNCtGKytjM3I4UTBiTmtOSzF6SE5USXdUMXpNYjljMDZ4ZjlF MEVHLzZ3UVFjWlU1UUkKa2liWEhyS2dXTlJ6c2FsRnNoNm5MalQ1aWQxazZ0THEweW5QdUdHVEsv RU1IUjFjZEtsZFF4aHUrTWxHQjlUSgo2NlZPSzh4U0JjeWNjdEVuTVZLUwo9bGhiVwotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============6805519018856417280==--