From: Stefan Schantl Date: Tue, 26 Jan 2016 14:25:01 +0000 (+0100) Subject: Validate IP addresses before passing to the firewall module. X-Git-Tag: 2.0~41 X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fguardian.git;a=commitdiff_plain;h=bc97b7c0dbe918d2a174f4420089065063630600;hp=7a6a268295054bdde300e10e10db13d61c82db62 Validate IP addresses before passing to the firewall module. Use the external Net::IP perl module to do a proper IPv4/IPv6 address or network validation. Signed-off-by: Stefan Schantl --- diff --git a/modules/Base.pm b/modules/Base.pm index 2f5e737..96ea256 100644 --- a/modules/Base.pm +++ b/modules/Base.pm @@ -6,6 +6,8 @@ use Exporter qw(import); our @EXPORT_OK = qw(GenerateMonitoredFiles FilePositions); +use Net::IP; + # ## Function to generate a hash of monitored files and their file positions. # @@ -116,6 +118,23 @@ sub FilePositions (\%\%) { return %new_file_positions; } +# +## Wrapper function for IP address and network validation. +# +## This wrapper function uses the external Net::IP perl module to +## check if a given input is a valid IPv4/IPv6 address or network. +# +sub IsValidAddressOrNetwork ($) { + my $address = shift; + + # Check if the address is a valid IPv4/IPv6 address or network. + # Return "undef" False if the address is not valid. + my $ip = new Net::IP ($address) || return undef; + + # If we got here, the address is valid. Return True. + return 1; +} + # ## Function for fileposition initialization. # diff --git a/modules/Events.pm b/modules/Events.pm index 2f4b561..b60a572 100644 --- a/modules/Events.pm +++ b/modules/Events.pm @@ -77,8 +77,12 @@ sub CheckAction ($$) { return; } - # XXX # Check if the given address is valid. + unless(&Guardian::Base::IsValidAddressOrNetwork($address)) { + # Log error message. + $logger->Log("err", "Invalid IP address: $address"); + return; + } # Call required handler. my $error = $commands{$command}->($self, $address, $module, $message);
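Review bot: In `IsValidAddressOrNetwork` (modules/Base.pm), a successful `Net::IP` construction is a wider test than the header comment promises. Besides single addresses and prefixes, Net::IP also parses range forms such as `a.b.c.d - e.f.g.h` and `a.b.c.d + n`, so those strings are reported as valid. Because the function only returns a flag, the caller hands on the original text rather than a normalised form. If the firewall module expects only an address or a CIDR network, consider rejecting everything else here and listing the accepted forms in the header comment. Two smaller points on the same lines: `return undef` yields a one-element (true) list if the function is ever called in list context, and the indirect-object `new Net::IP (...)` is fragile to parse; `my $ip = Net::IP->new($address) or return;` avoids both.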
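Review bot: The new error branch in `CheckAction` (modules/Events.pm) writes the rejected value straight into the log via `"Invalid IP address: $address"`. At that point the string is by definition not an address, so it may contain newlines or control characters. If `$address` can originate from parsed log lines or a client request (not visible in this hunk), that permits forged or split log entries. Consider neutralising and bounding it first, e.g. `(my $shown = substr($address, 0, 64)) =~ s/[^\x20-\x7e]/?/g;`, and logging `$shown` instead. `CheckAction` starts and ends outside the hunk, so whether `$address` is guaranteed to be defined before this call cannot be confirmed from here.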