diff options
author | Mitch Jackson <mitch@freeside.biz> | 2018-07-08 23:15:20 -0500 |
---|---|---|
committer | Mitch Jackson <mitch@freeside.biz> | 2018-10-19 19:42:15 -0400 |
commit | f56debe7d5703435e6a3cdd4c4c90b9de2527ae7 (patch) | |
tree | 2cde3a8407ba859599da2e428afe0c93d9cc14cb | |
parent | 966183ff11dd1a0b21eac2905118f478b84102c5 (diff) |
RT# 80555 Sanitize leading 0's from ip addr input
-rw-r--r-- | FS/FS/IP_Mixin.pm | 9 | ||||
-rw-r--r-- | FS/FS/Record.pm | 20 | ||||
-rw-r--r-- | FS/FS/tower_sector.pm | 3 |
3 files changed, 24 insertions, 8 deletions
diff --git a/FS/FS/IP_Mixin.pm b/FS/FS/IP_Mixin.pm index 3ec7693..0b138dd 100644 --- a/FS/FS/IP_Mixin.pm +++ b/FS/FS/IP_Mixin.pm @@ -94,6 +94,15 @@ sub ip_check { $self->ip_addr(''); } + # strip user-entered leading 0's from IPv4 addresses + # Parsers like NetAddr::IP interpret them as octal instead of decimal + $self->ip_addr( + join( '.', ( + map{ int($_) } + split( /\./, $self->ip_addr ) + )) + ) if $self->ip_addr =~ /\./ && $self->ip_addr =~ /[\.^]0/; + if ( $self->ip_addr and !$self->router and $self->conf->exists('auto_router') ) { diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm index c790ec0..2a4a200 100644 --- a/FS/FS/Record.pm +++ b/FS/FS/Record.pm @@ -2882,11 +2882,9 @@ to 127.0.0.1. sub ut_ip { my( $self, $field ) = @_; $self->setfield($field, '127.0.0.1') if $self->getfield($field) eq '::1'; - $self->getfield($field) =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ - or return "Illegal (IP address) $field: ". $self->getfield($field); - for ( $1, $2, $3, $4 ) { return "Illegal (IP address) $field" if $_ > 255; } - $self->setfield($field, "$1.$2.$3.$4"); - ''; + return "Illegal (IP address) $field: ".$self->getfield($field) + unless $self->getfield($field) =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/; + $self->ut_ip46($field); } =item ut_ipn COLUMN @@ -2914,7 +2912,17 @@ Check/untaint IPv4 or IPv6 address. sub ut_ip46 { my( $self, $field ) = @_; - my $ip = NetAddr::IP->new($self->getfield($field)) + my $ip_addr = $self->getfield( $field ); + + # strip user-entered leading 0's from IPv4 addresses + # Parsers like NetAddr::IP interpret them as octal instead of decimal + $ip_addr = join( '.', ( + map{ int($_) } + split( /\./, $ip_addr ) + ) + ) if $ip_addr =~ /\./ && $ip_addr =~ /[\.^]0/; + + my $ip = NetAddr::IP->new( $ip_addr ) or return "Illegal (IP address) $field: ".$self->getfield($field); $self->setfield($field, lc($ip->addr)); return ''; diff --git a/FS/FS/tower_sector.pm b/FS/FS/tower_sector.pm index e4996f3..9f5b142 100644 --- a/FS/FS/tower_sector.pm +++ b/FS/FS/tower_sector.pm @@ -154,7 +154,7 @@ sub check { $self->ut_numbern('sectornum') || $self->ut_number('towernum', 'tower', 'towernum') || $self->ut_text('sectorname') - || $self->ut_textn('ip_addr') + || $self->ut_ip46n('ip_addr') || $self->ut_floatn('height') || $self->ut_numbern('freq_mhz') || $self->ut_numbern('direction') @@ -336,4 +336,3 @@ L<FS::tower>, L<FS::Record>, schema.html from the base documentation. =cut 1; - |