diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-12-04 18:20:58 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-12-04 18:21:30 -0200 |
commit | 21d74c8e79948cd05c11f0ab79a463aea4bff2ce (patch) | |
tree | 69de2ba5388c0bd1b3d8aa8eaa264561e9853a9b | |
parent | f70a140fe18cb80012e53f82c268788fbcae5436 (diff) | |
download | pfsense-21d74c8e79948cd05c11f0ab79a463aea4bff2ce.zip pfsense-21d74c8e79948cd05c11f0ab79a463aea4bff2ce.tar.gz |
Prevent network or broadcast address to be set on interface (console, GUI and wizard). It should fix #3196
-rwxr-xr-x | etc/rc.initial.setlanip | 13 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 8 | ||||
-rw-r--r-- | usr/local/www/wizards/setup_wizard.xml | 20 |
3 files changed, 37 insertions, 4 deletions
diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip index 14213b5..8273073 100755 --- a/etc/rc.initial.setlanip +++ b/etc/rc.initial.setlanip @@ -283,8 +283,19 @@ function console_configure_ip_address($version) { echo "\n" . sprintf(gettext("Enter the new %s %s subnet bit count:"), $upperifname, $label_IPvX) . "\n> "; $intbits = chop(fgets($fp)); + $intbits_ok = is_numeric($intbits) && (($intbits >= 1) || ($intbits <= $maxbits)); $restart_dhcpd = true; - } while (!is_numeric($intbits) || ($intbits < 1) || ($intbits > $maxbits)); + + if ($version === 4 && $intbits < $maxbits) { + if ($intip == gen_subnet($intip, $intbits)) { + echo gettext("You cannot set network address to an interface"); + $intbits_ok = false; + } else if ($intip == gen_subnet_max($intip, $intbits)) { + echo gettext("You cannot set broadcast address to an interface"); + $intbits_ok = false; + } + } + } while (!$intbits_ok); if ($version === 6) { $subnet = gen_subnetv6($intip, $intbits); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index e0ab071..4b74997 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -557,6 +557,14 @@ if ($_POST['apply']) { if (is_ipaddr_configured($_POST['ipaddr'], $if, true)) $input_errors[] = gettext("This IPv4 address is being used by another interface or VIP."); + /* Do not accept network or broadcast address, except if subnet is 31 or 32 */ + if ($_POST['subnet'] < 31) { + if ($_POST['ipaddr'] == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) + $input_errors[] = gettext("This IPv4 address is the network address and cannot be used"); + else if ($_POST['ipaddr'] == gen_subnet_max($_POST['ipaddr'], $_POST['subnet'])) + $input_errors[] = gettext("This IPv4 address is the broadcast address and cannot be used"); + } + foreach ($staticroutes as $route_subnet) { list($network, $subnet) = explode("/", $route_subnet); if ($_POST['subnet'] == $subnet && $network == gen_subnet($_POST['ipaddr'], $_POST['subnet'])) { diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index db9f05d..daf32dd 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -409,9 +409,17 @@ print_info_box_np("Invalid MAC Address. Please press back in your browser window and correct."); die; } - if(!empty($_POST['ipaddress']) && ($_POST['selectedtype'] == "Static") && (!is_ipaddr($_POST['ipaddress']))) { - print_info_box_np("Invalid WAN IP Address. Please press back in your browser window and correct."); - die; + if(!empty($_POST['ipaddress']) && ($_POST['selectedtype'] == "Static")) { + if (!is_ipaddr($_POST['ipaddress'])) { + print_info_box_np("Invalid WAN IP Address. Please press back in your browser window and correct."); + die; + } + if ($_POST['subnetmask'] < 31 && + ($_POST['ipaddress'] == gen_subnet($_POST['ipaddress'], $_POST['subnetmask']) || + $_POST['ipaddress'] == gen_subnet_max($_POST['ipaddress'], $_POST['subnetmask']))) { + print_info_box_np("Invalid WAN IP Address. Please press back in your browser window and correct."); + die; + } } if(!empty($_POST['dhcphostname']) && !is_hostname($_POST['dhcphostname'])) { print_info_box_np("Invalid DHCP Hostname. Please press back in your browser window and correct."); @@ -509,6 +517,12 @@ print_info_box_np("Invalid LAN IP Address. Please press back in your browser window and correct."); die; } + if ($_POST['subnetmask'] < 31 && + ($_POST['lanipaddress'] == gen_subnet($_POST['lanipaddress'], $_POST['subnetmask']) || + $_POST['lanipaddress'] == gen_subnet_max($_POST['lanipaddress'], $_POST['subnetmask']))) { + print_info_box_np("Invalid LAN IP Address. Please press back in your browser window and correct."); + die; + } $ft = explode(".", $_POST['lanipaddress']); $ft_ip = $ft[0] . "." . $ft[1] . "." . $ft[2] . "."; $config['dhcpd']['lan']['range']['from'] = $ft_ip . "10"; |