Bug #1641 fix. DHCP server default gateway needs input validation.

1 files changed, 7 insertions, 0 deletions

diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index d02fef6..fdd70a9 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -216,6 +216,13 @@ if ($_POST) {
 			$input_errors[] = gettext("A valid IP address must be specified for the gateway.");
 		if (($_POST['wins1'] && !is_ipaddr($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddr($_POST['wins2'])))
 			$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers.");
+		$parent_ip = get_interface_ip($_POST['if']);
+		if (is_ipaddr($parent_ip)) {
+			$parent_sn = get_interface_subnet($_POST['if']);
+			if(!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) {
+				$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
+			}
+		}
 		if (($_POST['dns1'] && !is_ipaddr($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddr($_POST['dns2'])))
 			$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary DNS servers.");