Validate if both IP address and subnet are valid and the same version. Fixes #4223

author: Renato Botelho <garga@FreeBSD.org> 2015-01-16 11:50:23 -0200
committer: Renato Botelho <garga@FreeBSD.org> 2015-01-16 11:50:23 -0200
commit: 17c982555a2a3ecfa5c2ce988a6d85bee5a5980d (patch)
tree: 5ef543a33560ed0e5b8aa63085a3ae09278e1af1
parent: 5b7c33fc7e68339e45f3bb2b59580d00c9eda0eb (diff)
download: pfsense-17c982555a2a3ecfa5c2ce988a6d85bee5a5980d.zip
pfsense-17c982555a2a3ecfa5c2ce988a6d85bee5a5980d.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 8e3eed7..e65d52c 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -761,13 +761,14 @@ function check_subnetsv6_overlap($subnet1, $bits1, $subnet2, $bits2) {
 
 /* return true if $addr is in $subnet, false if not */
 function ip_in_subnet($addr,$subnet) {
-	if(is_ipaddrv6($addr)) {
+	if(is_ipaddrv6($addr) && is_subnetv6($subnet)) {
 		return (Net_IPv6::isInNetmask($addr, $subnet));
-	} else { /* XXX: Maybe check for IPv4 */
+	} else if (is_ipaddrv4($addr) && is_subnetv4($subnet)) {
 		list($ip, $mask) = explode('/', $subnet);
 		$mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
 		return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
 	}
+	return false;
 }
 
 /* returns true if $hostname is just a valid hostname (top part without any of the domain part) */
author	Renato Botelho <garga@FreeBSD.org>	2015-01-16 11:50:23 -0200
committer	Renato Botelho <garga@FreeBSD.org>	2015-01-16 11:50:23 -0200
commit	17c982555a2a3ecfa5c2ce988a6d85bee5a5980d (patch)
tree	5ef543a33560ed0e5b8aa63085a3ae09278e1af1
parent	5b7c33fc7e68339e45f3bb2b59580d00c9eda0eb (diff)
download	pfsense-17c982555a2a3ecfa5c2ce988a6d85bee5a5980d.zip pfsense-17c982555a2a3ecfa5c2ce988a6d85bee5a5980d.tar.gz