Feature #2731
closed
Add input validation of static route destination networks
Description
We need input validation on system_routes_edit.php to prevent adding a static route with "Destination network" == any locally-configured subnet. e.g. if your LAN is 192.168.1.1/24, a destination network of 192.168.1.0/24 on a static route is not valid. People have a tendency of adding such routes for some reason, which breaks their network in various ways. Worse, when you delete such a static route, "route delete" also whacks the interface's link route, so that NIC is dead until you click Save under Interfaces on it.
Needs to check against all locally-configured IPs (interface IPs, VIPs, IPv4 and v6). Route destination must be an exact match to a locally configured IP to be rejected; for instance, 192.168.1.128/25 is a potentially valid route when you have a 192.168.1.0/24 subnet locally.
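The check described above, sketched as a standalone PHP example. It is added here and is not the code that went into pfSense. The function names `network_of()` and `route_conflict()` and the sample addresses are hypothetical, and it assumes local addresses are supplied as "addr/bits" strings and that both sides are masked to their network address before comparison.

```php
<?php
// Added example, not pfSense code; function names are hypothetical.

// Normalize "addr/bits" to [packed network address, prefix length], or null.
function network_of(string $cidr): ?array {
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return null;
    }
    $packed = @inet_pton($parts[0]);
    $bits = (int)$parts[1];
    if ($packed === false || $bits > strlen($packed) * 8) {
        return null;
    }
    // Build the netmask one byte at a time, then AND it with the address.
    $mask = '';
    for ($i = 0; $i < strlen($packed); $i++) {
        $n = max(0, min(8, $bits - $i * 8));
        $mask .= chr((0xFF << (8 - $n)) & 0xFF);
    }
    return [$packed & $mask, $bits];
}

// Return the local entry whose subnet equals the route destination, or null.
function route_conflict(string $dest, array $local): ?string {
    $want = network_of($dest);
    if ($want === null) {
        throw new InvalidArgumentException("invalid destination: $dest");
    }
    foreach ($local as $cidr) {
        // Equal only if family, prefix length and network address all match.
        if (network_of($cidr) === $want) {
            return $cidr;
        }
    }
    return null;
}

// Constructed sample data: interface and VIP addresses, then candidate routes.
$local = ['192.168.1.1/24', '10.0.0.5/8', 'fd00:1::1/64'];
$routes = ['192.168.1.0/24', '192.168.1.128/25', 'fd00:1::/64', 'fd00:1::/65'];
foreach ($routes as $dest) {
    $hit = route_conflict($dest, $local);
    echo $dest, ' => ', $hit === null ? 'allowed' : "rejected (matches $hit)", "\n";
}
```

Comparing the packed address together with the prefix length keeps more-specific routes such as 192.168.1.128/25 valid, and an IPv4 destination can never match an IPv6 subnet because the packed lengths differ.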
Updated by Jose Silva over 11 years ago
Hi, I would like to work on this ticket. Reading util.inc, I found the method get_configured_ip_addresses. So to implement this fix I had the following idea:
At the POST block in system_routes_edit.php, after the validations that are already implemented, I check that all IPs returned by get_configured_ip_addresses() are included in the subnet being added.
Assumptions:
- it must be an IPv4
Updated by Chris Buechler over 11 years ago
- Status changed from New to Resolved
- Target version set to 2.1
This was actually implemented in 2.1 recently. There's a duplicate ticket here somewhere for it.