From: Dietmar Maurer
Date: Thu, 3 Apr 2014 07:25:28 +0000 (+0200)
Subject: parse_address_list: only allow one ip range
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=3162af6b6288fdf740f6808421ad1ebc7993784c;hp=cbb5d6f35612337edbb6d2bb0aa18028dd07fe9f;ds=sidebyside
parse_address_list: only allow one ip range
The previous check did not work if the range is the first entry in the list, for example: IN ACCEPT net0 10.0.0.1-10.0.0.10,10.0.0.12
---
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e060244..88fc044 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -613,18 +613,18 @@ sub get_etc_protocols {
 sub parse_address_list {
 my ($str) = @_;
- my $nbaor = 0;
- foreach my $aor (split(/,/, $str)) {
- if($nbaor > 0 && $aor =~ m/-/){
- die "you can use a range in a list";
- }
- if (!Net::IP->new($aor)) {
+ my $count = 0;
+ my $iprange = 0;
+ foreach my $elem (split(/,/, $str)) {
+ $count++;
+ if (!Net::IP->new($elem)) {
 my $err = Net::IP::Error();
 die "invalid IP address: $err\n";
- }else{
- $nbaor++;
 }
+ $iprange = 1 if $elem =~ m/-/;
 }
+
+ die "you can use a range in a list\n" if $iprange && $count > 1;
 }
 sub parse_port_name_number_or_range {
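Review bot: The message on the new final `die` still reads "you can use a range in a list", which states the opposite of what the check enforces; since the line is rewritten here anyway it should become `die "you can't use a range in a list\n" if $iprange && $count > 1;`. Separately, `split(/,/, $str)` returns no elements for an empty string and drops trailing empty fields, so `""` and `"10.0.0.1,"` pass this validator without the empty part ever reaching `Net::IP->new`; if callers pass the raw string on to rule generation (not visible in this hunk), a guard such as `die "empty address list\n" if !$count;` plus a check for a trailing comma would close that gap. Range detection also depends only on `m/-/`, while Net::IP, as far as I know, also accepts the `address + count` range form, so such an element would not be counted as a range by the new `$iprange` flag.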