From fc1e91cca425c8e929df76dad4488066070879dd Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 3 Jun 2019 12:41:36 +0200
Subject: [PATCH] vlan: Validate ID

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/functions/functions.vlan | 25 ++++++++++++++++++++++++-
 src/hooks/ports/vlan         | 26 +++++++++-----------------
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
index 9a70c954..ee2fb340 100644
--- a/src/functions/functions.vlan
+++ b/src/functions/functions.vlan
@@ -24,6 +24,23 @@ PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
 
 VLAN_PORT_INTERFIX="v"
 
+vlan_valid_id() {
+	local id="${1}"
+
+	# Must be an integer
+	if ! isinteger id; then
+		return ${EXIT_FALSE}
+	fi
+
+	# Must be between 1 and 4095
+	if [ ${id} -ge 1 ] && [ ${id} -le 4096 ]; then
+		return ${EXIT_TRUE}
+	fi
+
+	# Otherwise this is invalid
+	return ${EXIT_FALSE}
+}
+
 vlan_create() {
 	local device="${1}"
 	shift
@@ -31,7 +48,7 @@ vlan_create() {
 	assert isset device
 
 	local address
-	local id
+	local id=1
 	local parent
 
 	# Parse command line arguments
@@ -65,6 +82,12 @@ vlan_create() {
 		return ${EXIT_ERROR}
 	fi
 
+	# Check VLAN ID
+	if ! vlan_valid_id "${id}"; then
+		log ERROR "Invalid VLAN ID: ${id}"
+		return ${EXIT_ERROR}
+	fi
+
 	# Check if a device with the name does already exist
 	if device_exists "${device}"; then
 		log ERROR "Device '${device}' already exists"
diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
index 97b69851..7f99dbcd 100644
--- a/src/hooks/ports/vlan
+++ b/src/hooks/ports/vlan
@@ -30,25 +30,11 @@ HOOK_SETTINGS=(
 PORT_PARENTS_VAR="PARENT_PORT"
 
 hook_check_settings() {
+	assert ismac ADDRESS
 	assert isset PARENT_PORT
-	assert isinteger ID
-
-	if isset ADDRESS; then
-		assert ismac ADDRESS
-	fi
-
-	if [ ${ID} -gt 4096 ]; then
-		error "ID is greater than 4096."
-		exit ${EXIT_ERROR}
-	fi
 
-	local reserved
-	for reserved in 0 4095; do
-		if [ "${ID}" = "${reserved}" ]; then
-			error "ID=${reserved} is reserved."
-			exit ${EXIT_ERROR}
-		fi
-	done
+	assert isinteger ID
+	assert vlan_valid_id "${ID}"
 }
 
 hook_find_port_name() {
@@ -72,6 +58,12 @@ hook_parse_cmdline() {
 				;;
 			--id=*)
 				ID=$(cli_get_val "${1}")
+
+				# Validate VLAN ID
+				if ! vlan_valid_id "${ID}"; then
+					error "Invalid VLAN ID: ${ID}"
+					return ${EXIT_CONF_ERROR}
+				fi
 				;;
 			--port=*)
 				PARENT_PORT=$(cli_get_val "${1}")
-- 
2.39.2