
Commit 68707f6

Release v1.1.0 Fixes (#3649)
* fix(go): prevent creating network with fully-masked cidr; * fix(go): filter out static non-user nodes; * fix(go): prevent creation of networks with only broadcast and network ip;
1 parent 924fcf9 commit 68707f6


2 files changed

+37
-6
lines changed


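--- a/controllers/network.go
+++ b/controllers/network.go
@@ -575,21 +575,40 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
 
 // validate address ranges: must be private
 if network.AddressRange != "" {
-_, _, err := net.ParseCIDR(network.AddressRange)
+_, cidr, err := net.ParseCIDR(network.AddressRange)
 if err != nil {
 logger.Log(0, r.Header.Get("user"), "failed to create network: ",
 err.Error())
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 return
+} else {
+ones, bits := cidr.Mask.Size()
+if bits-ones <= 1 {
+err = fmt.Errorf("cannot create network with /31 or /32 cidr")
+logger.Log(0, r.Header.Get("user"), "failed to create network: ",
+err.Error())
+logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+return
+}
 }
 }
+
 if network.AddressRange6 != "" {
-_, _, err := net.ParseCIDR(network.AddressRange6)
+_, cidr, err := net.ParseCIDR(network.AddressRange6)
 if err != nil {
 logger.Log(0, r.Header.Get("user"), "failed to create network: ",
 err.Error())
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 return
+} else {
+ones, bits := cidr.Mask.Size()
+if bits-ones <= 1 {
+err = fmt.Errorf("cannot create network with /127 or /128 cidr")
+logger.Log(0, r.Header.Get("user"), "failed to create network: ",
+err.Error())
+logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+return
+}
 }
 }
 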
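Review bot: The new prefix-length checks do not confirm the address family, so `AddressRange` still accepts an IPv6 CIDR and `AddressRange6` an IPv4 one, because `net.ParseCIDR` parses both. In that case the "/31 or /32" and "/127 or /128" messages would be misleading and a range of the wrong family could be stored, unless a check outside this hunk already rejects it. A guard such as `if cidr.IP.To4() == nil {` in the first branch (and `!= nil` in the second), returning the same badrequest response, would close that. The comment `// validate address ranges: must be private` is also not matched by any private-range test in the visible lines; either add one or reword the comment. createNetwork starts and ends outside the hunk.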

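--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -1498,6 +1498,10 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 continue
 }
 
+if extClient.RemoteAccessClientID == "" {
+continue
+}
+
 _, ok := userExtClients[extClient.IngressGatewayID]
 if !ok {
 userExtClients[extClient.IngressGatewayID] = []models.ExtClient{}
@@ -1526,13 +1530,21 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 }
 }
 
-if !found {
-// TODO: prevent ip clashes.
-if len(extClients) > 0 {
-gwClient = extClients[0]
+if !found && req.RemoteAccessClientID != "" {
+for _, extClient := range extClients {
+if extClient.RemoteAccessClientID == req.RemoteAccessClientID {
+gwClient = extClient
+found = true
+break
+}
 }
 }
 
+if !found && len(extClients) > 0 {
+// TODO: prevent ip clashes.
+gwClient = extClients[0]
+}
+
 host, err := logic.GetHost(node.HostID.String())
 if err != nil {
 continue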
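Review bot: In the second hunk, when `req.RemoteAccessClientID` is set but matches none of `extClients`, the code still falls through to `gwClient = extClients[0]`, so the caller can be handed the config of a different remote-access client. If that fallback is meant only for requests without a client ID, tighten it to `if !found && req.RemoteAccessClientID == "" && len(extClients) > 0 {`. How `extClients` and `found` are populated is outside the hunk, so confirm the slice is already limited to the requesting user's clients before matching on a caller-supplied ID. The `// TODO: prevent ip clashes.` comment would be more useful if it said which addresses can clash when the first client is reused.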
