Mark Wu has uploaded a new change for review. Change subject: Improve the validation of netmask and gateway ......................................................................
Improve the validation of netmask and gateway Change-Id: I3c0a39f3f681a9e587f9118246e42a29e18d604b Signed-off-by: Mark Wu <[email protected]> --- M tests/configNetworkTests.py M vdsm/configNetwork.py 2 files changed, 34 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/13/7713/1 diff --git a/tests/configNetworkTests.py b/tests/configNetworkTests.py index cc88184..58d1ebe 100644 --- a/tests/configNetworkTests.py +++ b/tests/configNetworkTests.py @@ -126,10 +126,10 @@ self.assertEqual(configNetwork.validateIpAddress(address), None) def testIsNetmaskValid(self): - masks = ('10.18.1.254', '10.50.25.177', '250.0.0.1', - '20.20.25.25') - badMasks = ('192.168.1.256', '10.50.25.1777', '256.0.0.1', - '20.20.25.25.25') + masks = ('254.0.0.0', '255.255.255.0', '255.255.255.128', + '255.255.255.224') + badMasks = ('192.168.1.0', '10.50.25.17', '255.0.255.0', + '253.0.0.0') for mask in badMasks: with self.assertRaises(configNetwork.ConfigNetworkError) \ @@ -141,6 +141,22 @@ for mask in masks: self.assertEqual(configNetwork.validateNetmask(mask), None) + def testIsGatewayValid(self): + gateways = (('192.168.122.1', '192.168.122.234', '255.255.255.0'), + ('192.168.122.4', '192.168.122.29', '255.255.255.224')) + badGateways = (('192.168.122.1', '192.168.123.4', '255.255.255.0'), + ('192.168.122.1', '192.168.122.39', '255.255.255.224')) + + for gateway in badGateways: + with self.assertRaises(configNetwork.ConfigNetworkError) \ + as cneContext: + configNetwork.validateGateway(*gateway) + self.assertEqual(cneContext.exception.errCode, + configNetwork.ne.ERR_BAD_ADDR) + + for gateway in gateways: + self.assertEqual(configNetwork.validateGateway(*gateway), None) + @memoized def _bondingModuleOptions(self): p = subprocess.Popen(['/sbin/modinfo', 'bonding'], diff --git a/vdsm/configNetwork.py b/vdsm/configNetwork.py index b8fbd9f..cfa8c40 100755 --- a/vdsm/configNetwork.py +++ b/vdsm/configNetwork.py @@ -656,6 +656,9 @@ return False return True +def _dottedQuadToNum(ipaddr): + return int(''.join('%02x' % int(i) for i in ipaddr.split('.')), 16) + def validateIpAddress(ipAddr): if not _validateIpAddress(ipAddr): raise ConfigNetworkError(ne.ERR_BAD_ADDR, "Bad IP address: %r"%ipAddr) @@ -663,10 +666,19 @@ def validateNetmask(netmask): if not _validateIpAddress(netmask): raise ConfigNetworkError(ne.ERR_BAD_ADDR, "Bad netmask: %r"%netmask) + num = _dottedQuadToNum(netmask) + if (num & (num - 1)) != (num << 1) & 0xffffffff: + raise ConfigNetworkError(ne.ERR_BAD_ADDR, "Bad netmask: %r"%netmask) -def validateGateway(gateway): +def validateGateway(gateway, ipaddr, netmask): if not _validateIpAddress(gateway): raise ConfigNetworkError(ne.ERR_BAD_ADDR, "Bad gateway: %r"%gateway) + else: + (gw, ip, mask) = [_dottedQuadToNum(addr) for addr + in (gateway, ipaddr, netmask)] + if ip & mask != gw & mask: + raise ConfigNetworkError(ne.ERR_BAD_ADDR, + "Bad gateway: %r"%gateway) def validateBondingName(bonding): if not re.match('^bond[0-9]+$', bonding): @@ -763,7 +775,7 @@ validateIpAddress(ipaddr) validateNetmask(netmask) if gateway: - validateGateway(gateway) + validateGateway(gateway, ipaddr, netmask) else: if netmask or gateway: raise ConfigNetworkError(ne.ERR_BAD_ADDR, -- To view, visit http://gerrit.ovirt.org/7713 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3c0a39f3f681a9e587f9118246e42a29e18d604b Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Mark Wu <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
