From 7210f016ebe663e19a140096ffa1474d63674114 Mon Sep 17 00:00:00 2001 From: Monviech <79600909+Monviech@users.noreply.github.com> Date: Fri, 4 Apr 2025 08:42:13 +0200 Subject: [PATCH] dnsmasq: Implement a light validation for option6 values (#8520) * dnsmasq: Implement a light validation for option6 values as they require to be wrapped inside square brackets if they contain an IPv6 address * dnsmasq: Improve the IPv6 bracket check, also handle multiple ipv6 addresses that are comma separated, use isIpv6Address() * dnsmasq: Put IPv6 value check inline since dhcp-match and dhcp-option have been unified in master. * Update src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php Co-authored-by: Ad Schellevis * Update src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php Co-authored-by: Ad Schellevis * dnsmasq: trim value directly --------- Co-authored-by: Ad Schellevis --- .../app/models/OPNsense/Dnsmasq/Dnsmasq.php | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php index 89a471b3f..dfcf5c570 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php +++ b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php @@ -31,6 +31,7 @@ namespace OPNsense\Dnsmasq; use OPNsense\Base\BaseModel; use OPNsense\Base\Messages\Message; use OPNsense\Core\Backend; +use OPNsense\Firewall\Util; /** * Class Dnsmasq @@ -259,6 +260,26 @@ class Dnsmasq extends BaseModel ) ); } + + if ( + !$option->value->isEmpty() && + !$option->option6->isEmpty() + ) { + $values = array_map('trim', explode(',', (string)$option->value)); + foreach ($values as $value) { + if ( + Util::isIpv6Address(trim($value, '[]')) && + !(str_starts_with($value, '[') && str_ends_with($value, ']')) + ) { + $messages->appendMessage( + new Message( + gettext("Each IPv6 address must be wrapped inside square brackets '[fe80::]'."), + $key . ".value" + ) + ); + } + } + } } if (