From bc97b7c0dbe918d2a174f4420089065063630600 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Tue, 26 Jan 2016 15:25:01 +0100
Subject: [PATCH] Validate IP addresses before passing to the firewall module.

Use the external Net::IP perl module to do a proper IPv4/IPv6 address or network validation.

Signed-off-by: Stefan Schantl
---
 modules/Base.pm | 19 +++++++++++++++++++
 modules/Events.pm | 6 +++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/modules/Base.pm b/modules/Base.pm
index 2f5e737..96ea256 100644
--- a/modules/Base.pm
+++ b/modules/Base.pm
@@ -6,6 +6,8 @@ use Exporter qw(import);

 our @EXPORT_OK = qw(GenerateMonitoredFiles FilePositions);

+use Net::IP;
+
 #
 ## Function to generate a hash of monitored files and their file positions.
 #
@@ -116,6 +118,23 @@ sub FilePositions (\%\%) {
 return %new_file_positions;
 }

+#
+## Wrapper function for IP address and network validation.
+#
+## This wrapper function uses the external Net::IP perl module to
+## check if a given input is a valid IPv4/IPv6 address or network.
+#
+sub IsValidAddressOrNetwork ($) {
+ my $address = shift;
+
+ # Check if the address is a valid IPv4/IPv6 address or network.
+ # Return "undef" False if the address is not valid.
+ my $ip = new Net::IP ($address) || return undef;
+
+ # If we got here, the address is valid. Return True.
+ return 1;
+}
+
 #
 ## Function for fileposition initialization.
 #
diff --git a/modules/Events.pm b/modules/Events.pm
index 2f4b561..b60a572 100644
--- a/modules/Events.pm
+++ b/modules/Events.pm
@@ -77,8 +77,12 @@ sub CheckAction ($$) {
 return;
 }

- # XXX
 # Check if the given address is valid.
+ unless(&Guardian::Base::IsValidAddressOrNetwork($address)) {
+ # Log error message.
+ $logger->Log("err", "Invalid IP address: $address");
+ return;
+ }

 # Call required handler.
 my $error = $commands{$command}->($self, $address, $module, $message);
-- 
2.39.2
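Review bot: `IsValidAddressOrNetwork` in modules/Base.pm only tests that Net::IP can parse the string and then discards the parsed object, so "valid" covers every input form Net::IP accepts. Its documentation lists ranges (`a - b`) and address-plus-count (`a + n`) alongside single addresses and prefixes, so strings containing spaces, `-` and `+` pass. `CheckAction` in modules/Events.pm then forwards the original `$address` to the handler, so whatever the firewall module does with it (not visible in this patch) receives the raw text, not a normalized address. Restrict the accepted shape before parsing, e.g. `return unless $address =~ m{\A[0-9A-Fa-f:.]+(?:/\d{1,3})?\z};`, and consider returning the canonical form from the Net::IP object for callers to use. Separately, `Net::IP->new($address) or return;` avoids the indirect-object syntax and the `return undef`, which is a true one-element list in list context.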
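Review bot: The new error path in `CheckAction` (modules/Events.pm) interpolates `$address` into the log message unmodified, and this is exactly the value that has just failed validation, so it can contain arbitrary bytes. Where `$address` comes from is outside this hunk; if events can arrive from parsed log lines or a socket, embedded newlines or control characters would allow forged or split log entries. Escape it before logging, e.g. `(my $shown = $address) =~ s/[^\x20-\x7e]/?/g;` and log `$shown`, ideally truncated to a bounded length. `CheckAction` begins and ends outside the hunk, so any earlier sanitising of `$address` is not visible here.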