From 3162af6b6288fdf740f6808421ad1ebc7993784c Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 3 Apr 2014 09:25:28 +0200
Subject: [PATCH] parse_address_list: only allow one ip range
The previous check did not work if the range is the first entry in the list, for example: IN ACCEPT net0 10.0.0.1-10.0.0.10,10.0.0.12
---
 src/PVE/Firewall.pm | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e060244..88fc044 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -613,18 +613,18 @@ sub get_etc_protocols {
 sub parse_address_list {
 my ($str) = @_;
- my $nbaor = 0;
- foreach my $aor (split(/,/, $str)) {
- if($nbaor > 0 && $aor =~ m/-/){
- die "you can use a range in a list";
- }
- if (!Net::IP->new($aor)) {
+ my $count = 0;
+ my $iprange = 0;
+ foreach my $elem (split(/,/, $str)) {
+ $count++;
+ if (!Net::IP->new($elem)) {
 my $err = Net::IP::Error();
 die "invalid IP address: $err\n";
- }else{
- $nbaor++;
 }
+ $iprange = 1 if $elem =~ m/-/;
 }
+
+ die "you can use a range in a list\n" if $iprange && $count > 1;
 }
 sub parse_port_name_number_or_range {
--
2.39.2
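Review bot: The final `die "you can use a range in a list\n"` still states the opposite of what the check enforces; since this is the message an administrator sees when a firewall rule is rejected, it should read `die "you can't use a range in a list\n" if $iprange && $count > 1;`. Separately, `split(/,/, $str)` drops trailing empty fields and returns an empty list for an empty string, so a value such as `10.0.0.1,` (constructed example) or an empty address string passes through the loop without any element being rejected. Using `split(/,/, $str, -1)` so the empty element reaches the `Net::IP->new` check, plus `die "empty address list\n" if !$count;` after the loop, would close that, assuming callers do not already filter these cases. The `m/-/` test also recognises only the dash notation, while Net::IP's documentation describes further range forms (for example an address plus a count), so it is worth confirming whether those can reach this function and be counted as a single address.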