library / Firewall\Util::isIPInCIDR extend sanity checks, closes https://github.com/opnsense/core/pull/7978

The existing sanity checks only prevented a non-IP address from being accepted, but ignored the fact that a netmask might either be faulty or of a different IP family.
This commit extends the test to the cidr part and ip family.
Ad Schellevis 2024-10-18 08:57:04 +02:00
parent 70df0a15f7
commit 8e234dc241


@ -407,15 +407,15 @@ class Util
*/
public static function isIPInCIDR($ip, $cidr)
{
if (!self::isIpAddress($ip)) {
if (!self::isIpAddress($ip) || !self::isSubnet($cidr)) {
return false;
}
if (str_contains($ip, ':')) {
} elseif (str_contains($ip, ':') && str_contains($cidr, ':')) {
return self::isIPv6InCIDR($ip, $cidr);
} elseif (!str_contains($ip, ':') && !str_contains($cidr, ':')) {
return self::isIPv4InCIDR($ip, $cidr);
}
return false;
return self::isIPv4InCIDR($ip, $cidr);
}
/**
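Review bot: With the added `isSubnet($cidr)` and address-family checks, `isIPInCIDR` returns `false` in three different situations (address outside the range, malformed `$ip` or `$cidr`, mixed IPv4/IPv6 arguments), and the docblock above the function, which starts outside this hunk, should say so, for example `@return bool true only when $ip lies inside $cidr; false for invalid input or when the address families differ`. A caller that uses the result to decide whether an address falls in a blocked or excluded range will see a malformed CIDR as "not in range", so such call sites may need to validate the CIDR themselves rather than rely on this return value. The family test is a `':'` substring check on both arguments, so an IPv4-mapped IPv6 address such as `::ffff:192.0.2.1` is presumably handled as IPv6 and never matches an IPv4 network; if that is intended, it deserves a line in the same docblock.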