diff options
author | Phil Davis <phil.davis@inf.org> | 2015-12-18 12:49:50 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-12-18 12:49:50 +0545 |
commit | 81df378db9bfa32486590a53447600bc6e759200 (patch) | |
tree | a41ba2d3da248781b16cc77f3f4276755049ab03 /src/usr/local/www/services_dhcp_edit.php | |
parent | bdabc817f21adb31e6f512fe59f7676997eaee8d (diff) | |
download | pfsense-81df378db9bfa32486590a53447600bc6e759200.zip pfsense-81df378db9bfa32486590a53447600bc6e759200.tar.gz |
Fix static DHCP address validation
1) Use gen_subnetv4 and gen_subnetv4_max rather than doing the guts of the calculation inline. (The ~gen_subnet_mask_long($ifcfgsn) thing was the cause of the problem)
2) Add validation checks to stop people using the network address or broadcast address as a statically allocated DHCP address.
Should fix Redmine #5651
Diffstat (limited to 'src/usr/local/www/services_dhcp_edit.php')
-rw-r--r-- | src/usr/local/www/services_dhcp_edit.php | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/usr/local/www/services_dhcp_edit.php b/src/usr/local/www/services_dhcp_edit.php index 3a6b753..b07bb0d 100644 --- a/src/usr/local/www/services_dhcp_edit.php +++ b/src/usr/local/www/services_dhcp_edit.php @@ -252,12 +252,21 @@ if ($_POST) { } } - $lansubnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); - $lansubnet_end = ip2ulong(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); - if ((ip2ulong($_POST['ipaddr']) < $lansubnet_start) || - (ip2ulong($_POST['ipaddr']) > $lansubnet_end)) { + $lansubnet_start = ip2ulong(gen_subnetv4($ifcfgip, $ifcfgsn)); + $lansubnet_end = ip2ulong(gen_subnetv4_max($ifcfgip, $ifcfgsn)); + $ipaddr_int = ip2ulong($_POST['ipaddr']); + if (($ipaddr_int < $lansubnet_start) || + ($ipaddr_int > $lansubnet_end)) { $input_errors[] = sprintf(gettext("The IP address must lie in the %s subnet."), $ifcfgdescr); } + + if ($ipaddr_int == $lansubnet_start) { + $input_errors[] = sprintf(gettext("The IP address cannot be the %s network address."), $ifcfgdescr); + } + + if ($ipaddr_int == $lansubnet_end) { + $input_errors[] = sprintf(gettext("The IP address cannot be the %s broadcast address."), $ifcfgdescr); + } } if (($_POST['gateway'] && !is_ipaddrv4($_POST['gateway']))) { |