From: Mitch Jackson
Date: Mon, 22 Oct 2018 19:57:05 +0000 (-0400)
Subject: RT# 80555 Sanitize leading 0's from ip addr input
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=3e6f3fa1610939bbc35a181966e38ec9d97940f7
RT# 80555 Sanitize leading 0's from ip addr input
---
diff --git a/FS/FS/IP_Mixin.pm b/FS/FS/IP_Mixin.pm
index 3ec769313..8920cebc5 100644
--- a/FS/FS/IP_Mixin.pm
+++ b/FS/FS/IP_Mixin.pm
@@ -94,6 +94,10 @@ sub ip_check {
 $self->ip_addr('');
 }

+ # Will strip extraneous leading zeros from ip adddresses
+ # e.g. 10.0.022.220 corrected to 10.0.22.220
+ $self->ut_ip46n('ip_addr');
+
 if ( $self->ip_addr
 and !$self->router
 and $self->conf->exists('auto_router') ) {
diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm
index 12e2d318f..fe8fad969 100644
--- a/FS/FS/Record.pm
+++ b/FS/FS/Record.pm
@@ -2676,7 +2676,7 @@ sub ut_ip {
 $self->getfield($field) =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
 or return "Illegal (IP address) $field: ". $self->getfield($field);
 for ( $1, $2, $3, $4 ) { return "Illegal (IP address) $field" if $_ > 255; }
- $self->setfield($field, "$1.$2.$3.$4");
+ $self->setfield( $field, $self->_ut_ip_strip_leading_zeros( "$1.$2.$3.$4" ));
 '';
 }

@@ -2705,8 +2705,9 @@ Check/untaint IPv4 or IPv6 address.

 sub ut_ip46 {
 my( $self, $field ) = @_;
- my $ip = NetAddr::IP->new($self->getfield($field))
- or return "Illegal (IP address) $field: ".$self->getfield($field);
+ my $ip = NetAddr::IP->new(
+ $self->_ut_ip_strip_leading_zeros( $self->getfield($field) )
+ ) or return "Illegal (IP address) $field: ".$self->getfield($field);
 $self->setfield($field, lc($ip->addr));
 return '';
 }
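Review bot: The added `$self->ut_ip46n('ip_addr');` call in `ip_check` (FS/FS/IP_Mixin.pm) throws away its return value. `ut_ip46n` ends in `$self->ut_ip46($field)`, which returns an "Illegal (IP address)" string when the value does not parse, so a bad address passes this point silently and the `auto_router` branch below runs on the un-normalised field. If `ip_check` reports errors as strings the way the `ut_*` methods do (its return path is outside this hunk), capture and return it: `my $error = $self->ut_ip46n('ip_addr'); return $error if $error;`. The comment above the call also misspells "addresses".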
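Review bot: In `ut_ip46` (FS/FS/Record.pm, hunk at -2705) the helper now runs on the raw field before anything has validated it, so its `map int` coerces non-numeric pieces instead of letting NetAddr::IP reject or parse them. A constructed example: `::ffff:10.0.0.01` contains `.0`, is split on dots, and `int('::ffff:10')` yields 0, so the parser would be handed `0.0.0.1`; trailing junk such as `10.0.0.05abc` would likewise be turned into a clean-looking address. `ut_ip` is not affected because it calls the helper only after its dotted-quad regex has matched. Normalise only plain dotted quads by starting the helper with `return $ip unless defined $ip && $ip =~ /\A\d+(?:\.\d+){3}\z/;`, and pass everything else through unchanged.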
@@ -2726,6 +2727,20 @@ sub ut_ip46n {
 $self->ut_ip46($field);
 }

+sub _ut_ip_strip_leading_zeros {
+ # strip user-entered leading 0's from IP addresses
+ # so parsers like NetAddr::IP don't mangle the address
+ # e.g. NetAddr::IP converts 10.0.022.220 into 10.0.18.220
+
+ my ( $self, $ip ) = @_;
+
+ return join '.', map int, split /\./, $ip
+ if $ip
+ && $ip =~ /\./
+ && $ip =~ /[\.^]0/;
+ $ip;
+}
+
 =item ut_coord COLUMN [ LOWER [ UPPER ] ]

 Check/untaint coordinates.
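Review bot: The last condition in `_ut_ip_strip_leading_zeros`, `$ip =~ /[\.^]0/`, does not detect a leading zero in the first octet, because inside a character class `^` is a literal caret rather than a start-of-string anchor. An address such as `010.1.2.3` (constructed) has no `.0` in it, so it is returned unchanged and still reaches NetAddr::IP with the octal-looking octet that the comment above says gets converted. Anchor explicitly and require a digit after the zero so that ordinary `.0.` octets do not trigger a rewrite: `&& $ip =~ /(?:\A|\.)0\d/;`. A short comment on the sub stating that it expects an already validated dotted quad would also help, since `map int` silently coerces anything else.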