ipset: don't allow the creation of zero-prefix entries

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Tue, 29 Nov 2016 11:06:23 +0000 (12:06 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 29 Nov 2016 11:16:53 +0000 (12:16 +0100)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 29 Nov 2016 11:06:23 +0000 (12:06 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 29 Nov 2016 11:16:53 +0000 (12:16 +0100)
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm

index 6129c9d6f79c4fff9284f19240725c35bc643f25..ea6d1a22bb1c7f79463ef7488ddb96ccdb0e0aaf 100644 (file)
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -187,6 +187,9 @@ sub register_create_ip {
                     if $entry->{cidr} eq $cidr;
             }
  
                     if $entry->{cidr} eq $cidr;
             }
  
+           raise_param_exc({ cidr => "a zero prefix is not allowed in ipset entries" })
+               if $cidr =~ m!/0+$!;
+
             # make sure alias exists (if $cidr is an alias)
             PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr)
                 if $cidr =~ m/^${PVE::Firewall::ip_alias_pattern}$/;
             # make sure alias exists (if $cidr is an alias)
             PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr)
                 if $cidr =~ m/^${PVE::Firewall::ip_alias_pattern}$/;
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Tue, 29 Nov 2016 11:06:23 +0000 (12:06 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 29 Nov 2016 11:16:53 +0000 (12:16 +0100)