mirror of https://github.com/Icinga/icinga2.git
Improve error handling in cidr_match function
refs #10354 Signed-off-by: Gunnar Beutner <gunnar@beutner.name>
This commit is contained in:
parent
bb9348913d
commit
dc92e2630d
|
@ -143,6 +143,26 @@ bool Utility::Match(const String& pattern, const String& text)
|
||||||
return (match(pattern.CStr(), text.CStr()) == 0);
|
return (match(pattern.CStr(), text.CStr()) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool ParseIp(const String& ip, char addr[16], int *proto)
|
||||||
|
{
|
||||||
|
if (inet_pton(AF_INET, ip.CStr(), addr + 12) == 1) {
|
||||||
|
/* IPv4-mapped IPv6 address (::ffff:<ipv4-bits>) */
|
||||||
|
memset(addr, 0, 10);
|
||||||
|
memset(addr + 10, 0xff, 2);
|
||||||
|
*proto = AF_INET;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inet_pton(AF_INET6, ip.CStr(), addr) == 1) {
|
||||||
|
*proto = AF_INET6;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
static void ParseIpMask(const String& ip, char mask[16], int *bits)
|
static void ParseIpMask(const String& ip, char mask[16], int *bits)
|
||||||
{
|
{
|
||||||
String::SizeType slashp = ip.FindFirstOf("/");
|
String::SizeType slashp = ip.FindFirstOf("/");
|
||||||
|
@ -156,23 +176,20 @@ static void ParseIpMask(const String& ip, char mask[16], int *bits)
|
||||||
*bits = Convert::ToLong(ip.SubStr(slashp + 1));
|
*bits = Convert::ToLong(ip.SubStr(slashp + 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* IPv4-mapped IPv6 address (::ffff:<ipv4-bits>) */
|
int proto;
|
||||||
memset(mask, 0, 10);
|
|
||||||
memset(mask + 10, 0xff, 2);
|
if (!ParseIp(uip, mask, &proto))
|
||||||
if (inet_pton(AF_INET, uip.CStr(), mask + 12) < 1) {
|
|
||||||
if (inet_pton(AF_INET6, uip.CStr(), mask) < 1) {
|
|
||||||
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid IP address specified."));
|
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid IP address specified."));
|
||||||
}
|
|
||||||
} else
|
if (proto == AF_INET)
|
||||||
*bits += 96;
|
*bits += 96;
|
||||||
|
|
||||||
if (slashp == String::NPos)
|
if (slashp == String::NPos)
|
||||||
*bits = 128;
|
*bits = 128;
|
||||||
|
|
||||||
if (*bits > 128)
|
if (*bits > 128 || *bits < 0)
|
||||||
BOOST_THROW_EXCEPTION(std::invalid_argument("Mask must not be greater than 128."));
|
BOOST_THROW_EXCEPTION(std::invalid_argument("Mask must be between 0 and 128."));
|
||||||
|
|
||||||
/* TODO: validate mask */
|
|
||||||
for (int i = 0; i < 16; i++) {
|
for (int i = 0; i < 16; i++) {
|
||||||
int lbits = *bits - i * 8;
|
int lbits = *bits - i * 8;
|
||||||
|
|
||||||
|
@ -204,17 +221,17 @@ static bool IpMaskCheck(char addr[16], char mask[16], int bits)
|
||||||
|
|
||||||
bool Utility::CidrMatch(const String& pattern, const String& ip)
|
bool Utility::CidrMatch(const String& pattern, const String& ip)
|
||||||
{
|
{
|
||||||
char mask[16], addr[16];
|
char mask[16];
|
||||||
int bits;
|
int bits;
|
||||||
|
|
||||||
try {
|
|
||||||
ParseIpMask(ip, addr, &bits);
|
|
||||||
} catch (const std::exception&) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
ParseIpMask(pattern, mask, &bits);
|
ParseIpMask(pattern, mask, &bits);
|
||||||
|
|
||||||
|
char addr[16];
|
||||||
|
int proto;
|
||||||
|
|
||||||
|
if (!ParseIp(ip, addr, &proto))
|
||||||
|
return false;
|
||||||
|
|
||||||
return IpMaskCheck(addr, mask, bits);
|
return IpMaskCheck(addr, mask, bits);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue