diff options
| author | Mitch Jackson <mitch@freeside.biz> | 2018-07-08 23:15:20 -0500 |
|---|---|---|
| committer | Mitch Jackson <mitch@freeside.biz> | 2018-07-08 23:15:20 -0500 |
| commit | 6de42f2b2f6c58cf6ce0db933c2d8d5d40b411ca (patch) | |
| tree | a8b06107161bd45bb62c3d568e742b31a9338d44 | |
| parent | a8a95509bfca2510f1e5627e5a0d269ed78834cb (diff) | |
RT# 80555 Sanitize leading 0's from ip addr input
| -rw-r--r-- | FS/FS/IP_Mixin.pm | 9 | ||||
| -rw-r--r-- | FS/FS/Record.pm | 20 | ||||
| -rw-r--r-- | FS/FS/tower_sector.pm | 3 |
3 files changed, 24 insertions, 8 deletions
diff --git a/FS/FS/IP_Mixin.pm b/FS/FS/IP_Mixin.pm index b68b0b624..fc3a0146b 100644 --- a/FS/FS/IP_Mixin.pm +++ b/FS/FS/IP_Mixin.pm @@ -94,6 +94,15 @@ sub ip_check { $self->ip_addr(''); } + # strip user-entered leading 0's from IPv4 addresses + # Parsers like NetAddr::IP interpret them as octal instead of decimal + $self->ip_addr( + join( '.', ( + map{ int($_) } + split( /\./, $self->ip_addr ) + )) + ) if $self->ip_addr =~ /\./ && $self->ip_addr =~ /[\.^]0/; + if ( $self->ip_addr and !$self->router and $self->conf->exists('auto_router') ) { diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm index 5de4ca752..cf8ec4d73 100644 --- a/FS/FS/Record.pm +++ b/FS/FS/Record.pm @@ -2881,11 +2881,9 @@ to 127.0.0.1. sub ut_ip { my( $self, $field ) = @_; $self->setfield($field, '127.0.0.1') if $self->getfield($field) eq '::1'; - $self->getfield($field) =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ - or return "Illegal (IP address) $field: ". $self->getfield($field); - for ( $1, $2, $3, $4 ) { return "Illegal (IP address) $field" if $_ > 255; } - $self->setfield($field, "$1.$2.$3.$4"); - ''; + return "Illegal (IP address) $field: ".$self->getfield($field) + unless $self->getfield($field) =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/; + $self->ut_ip46($field); } =item ut_ipn COLUMN @@ -2913,7 +2911,17 @@ Check/untaint IPv4 or IPv6 address. sub ut_ip46 { my( $self, $field ) = @_; - my $ip = NetAddr::IP->new($self->getfield($field)) + my $ip_addr = $self->getfield( $field ); + + # strip user-entered leading 0's from IPv4 addresses + # Parsers like NetAddr::IP interpret them as octal instead of decimal + $ip_addr = join( '.', ( + map{ int($_) } + split( /\./, $ip_addr ) + ) + ) if $ip_addr =~ /\./ && $ip_addr =~ /[\.^]0/; + + my $ip = NetAddr::IP->new( $ip_addr ) or return "Illegal (IP address) $field: ".$self->getfield($field); $self->setfield($field, lc($ip->addr)); return ''; diff --git a/FS/FS/tower_sector.pm b/FS/FS/tower_sector.pm index 800d4989a..238a543a2 100644 --- a/FS/FS/tower_sector.pm +++ b/FS/FS/tower_sector.pm @@ -247,7 +247,7 @@ sub check { $self->ut_numbern('sectornum') || $self->ut_number('towernum', 'tower', 'towernum') || $self->ut_text('sectorname') - || $self->ut_textn('ip_addr') + || $self->ut_ip46n('ip_addr') || $self->ut_floatn('height') || $self->ut_numbern('freq_mhz') || $self->ut_numbern('direction') @@ -480,4 +480,3 @@ L<FS::tower>, L<FS::Record>, schema.html from the base documentation. =cut 1; - |