When adding ip aliases on top of carp not in the subnet of the carp configured address but an ip alias of the real interface do not error out but accept this as a valid configuration.

2 files changed, 3 insertions, 2 deletions

diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index feb2cff..22a109f 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -4117,7 +4117,7 @@ function find_carp_interface($ip) {
 function link_carp_interface_to_parent($interface) {
 	global $config;
 
-	if ($interface == "")
+	if (empty($interface))
 		return;
 
 	$carp_ip = get_interface_ip($interface);
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index bf03403..b97b593 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -194,7 +194,8 @@ if ($_POST) {
 				$parent_sn = get_interface_subnetv6($_POST['interface']);
 				$subnet = gen_subnetv6($parent_ip, $parent_sn);
 			}
-			if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet($_POST['interface'], $_POST['subnet'])) {
+			if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") &&
+			    !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
 				$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'] ;
 				$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s.  Please add an IP alias in this subnet on this interface."),$cannot_find);
 			}