ipsets: catch zero-prefix entries

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Tue, 29 Nov 2016 11:06:22 +0000 (12:06 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 29 Nov 2016 11:16:26 +0000 (12:16 +0100)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 29 Nov 2016 11:06:22 +0000 (12:06 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 29 Nov 2016 11:16:26 +0000 (12:16 +0100)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index ef74ca2fae597a882ea30e778c49cee8cfc5ff77..c7d90f82fde92a442c3255d4656d5775e6b5be67 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2773,6 +2773,10 @@ sub generic_fw_config_parser {
                 $errors->{cidr} = $err;
             }
  
+           if ($cidr =~ m!/0+$!) {
+               $errors->{cidr} = "a zero prefix is not allowed in ipset entries\n";
+           }
+
             my $entry = { cidr => $cidr };
             $entry->{nomatch} = 1 if $nomatch;
             $entry->{comment} = $comment if $comment;
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Tue, 29 Nov 2016 11:06:22 +0000 (12:06 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 29 Nov 2016 11:16:26 +0000 (12:16 +0100)