From bcc2b417c2e062e398a2614622ae673468d3b80e Mon Sep 17 00:00:00 2001
From: Renato Botelho <renato@netgate.com>
Date: Thu, 18 Feb 2016 16:03:01 -0200
Subject: Validate Prefix Delegation range to make sure addresses match first
 network address, otherwise DHCPd will silently fail

---
 src/usr/local/www/services_dhcpv6.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'src')

diff --git a/src/usr/local/www/services_dhcpv6.php b/src/usr/local/www/services_dhcpv6.php
index 781eaaf..9ddd158 100644
--- a/src/usr/local/www/services_dhcpv6.php
+++ b/src/usr/local/www/services_dhcpv6.php
@@ -208,6 +208,30 @@ if ($_POST) {
 		if (($_POST['prefixrange_to'] && !is_ipaddrv6($_POST['prefixrange_to']))) {
 			$input_errors[] = gettext("A valid prefix range must be specified.");
 		}
+
+		if ($_POST['prefixrange_from'] && $_POST['prefixrange_to'] &&
+		    $_POST['prefixrange_length']) {
+			$netmask = Net_IPv6::getNetmask($_POST['prefixrange_from'],
+			    $_POST['prefixrange_length']);
+			$netmask = Net_IPv6::compress($netmask);
+
+			if ($netmask != Net_IPv6::compress($_POST['prefixrange_from'])) {
+				$input_errors[] = sprintf(gettext(
+				    "Prefix Delegation From address is not a valid IPv6 Netmask for %s"),
+				    $netmask . '/' . $_POST['prefixrange_length']);
+			}
+
+			$netmask = Net_IPv6::getNetmask($_POST['prefixrange_to'],
+			    $_POST['prefixrange_length']);
+			$netmask = Net_IPv6::compress($netmask);
+
+			if ($netmask != Net_IPv6::compress($_POST['prefixrange_to'])) {
+				$input_errors[] = sprintf(gettext(
+				    "Prefix Delegation To address is not a valid IPv6 Netmask for %s"),
+				    $netmask . '/' . $_POST['prefixrange_length']);
+			}
+		}
+
 		if (($_POST['range_from'] && !is_ipaddrv6($_POST['range_from']))) {
 			$input_errors[] = gettext("A valid range must be specified.");
 		}
-- 
cgit v1.1