From faa0f891c3bed6fcff45112c5e81c882147e41c1 Mon Sep 17 00:00:00 2001
From: Christian Hofstaedtler <christian@hofstaedtler.name>
Date: Mon, 17 Feb 2014 15:30:56 +0100
Subject: [PATCH] JSON API: Recursor: refuse invalid netmasks in allow-from

---
 pdns/ws-recursor.cc                         | 8 ++++++++
 regression-tests.api/test_RecursorConfig.py | 1 +
 2 files changed, 9 insertions(+)

diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index e103d17b92..4ee34e28bc 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -76,6 +76,14 @@ static void apiServerConfigAllowFrom(HttpRequest* req, HttpResponse* resp)
       throw ApiException("'value' must be an array");
     }
 
+    for (SizeType i = 0; i < jlist.Size(); ++i) {
+      try {
+        Netmask(jlist[i].GetString());
+      } catch (NetmaskException &e) {
+        throw ApiException(e.reason);
+      }
+    }
+
     ostringstream ss;
 
     // Clear allow-from-file if set, so our changes take effect
diff --git a/regression-tests.api/test_RecursorConfig.py b/regression-tests.api/test_RecursorConfig.py
index ede214af75..1f98bd2cb0 100644
--- a/regression-tests.api/test_RecursorConfig.py
+++ b/regression-tests.api/test_RecursorConfig.py
@@ -30,3 +30,4 @@ class RecursorConfig(ApiTestCase):
             headers={'content-type': 'application/json'})
         self.assertEquals(r.status_code, 422)
         data = r.json()
+        self.assertIn('Unable to convert', data['error'])
-- 
2.47.2