From 3d638830df5a3ae2957d694a3647feadd6ba405b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Rodr=C3=ADguez?= Date: Tue, 5 Nov 2024 19:20:10 +0100 Subject: [PATCH] B #132: Sanitize/Check valid IPv4s If a default gateway is an invalid IP (or a space character) it leads to an error. Also, the `ONEGATE_ENDPOINT` regex has been modified. --- .../src/etc/one-context.d/loc-10-network.d/functions | 6 +++++- .../etc/one-context.d/loc-10-network.d/netcfg-interfaces | 2 +- .../src/etc/one-context.d/loc-10-network.d/netcfg-networkd | 2 +- .../src/etc/one-context.d/loc-10-network.d/netcfg-nm | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/context-linux/src/etc/one-context.d/loc-10-network.d/functions b/context-linux/src/etc/one-context.d/loc-10-network.d/functions index 9f781c76..2efe0934 100644 --- a/context-linux/src/etc/one-context.d/loc-10-network.d/functions +++ b/context-linux/src/etc/one-context.d/loc-10-network.d/functions @@ -619,7 +619,7 @@ is_link_local() { get_onegate_ip() { if [[ -n $ONEGATE_ENDPOINT ]]; then # Regular expression to match an IPv4 address - ipv4_regex="([0-9]{1,3}\.){3}[0-9]{1,3}" + ipv4_regex="(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))" export onegate_host=$(echo "$ONEGATE_ENDPOINT" | grep -oE "$ipv4_regex") fi @@ -628,3 +628,7 @@ get_onegate_ip() { missing_onegate_proxy_route() { is_link_local "$onegate_host" && [[ $onegate_proxy_route_missing == "yes" ]] } + +valid_ipv4() { + [[ -n "$1" && "$1" =~ ^(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))$ ]] +} diff --git a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-interfaces b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-interfaces index 1719f9df..a573aeea 100644 --- a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-interfaces +++ b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-interfaces 
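Review bot: The tightened `ipv4_regex` in get_onegate_ip is still handed unanchored to `grep -oE`, so an endpoint with an out-of-range octet is not rejected. Instead grep returns a shorter substring that does match (for a constructed host `300.1.1.1` the result is `0.1.1.1`), and `onegate_host` silently becomes a different address. Assuming the endpoint has the form scheme://host:port, isolate the host first with `host=${ONEGATE_ENDPOINT#*://}; host=${host%%[:/]*}` and export it only when `valid_ipv4 "$host"` succeeds. `grep -o` also prints every match on its own line, so more than one address in the endpoint would leave a multi-line value in the variable. The body of get_onegate_ip continues outside the hunk.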
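Review bot: valid_ipv4 carries a second copy of the octet pattern that this commit also assigns to `ipv4_regex` in get_onegate_ip, so the two can drift apart on the next edit. Define the octet once and build both patterns from it, e.g. `ipv4_octet='([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))'` and `ipv4_re="^(${ipv4_octet}\.){3}${ipv4_octet}\$"`, then test with `[[ "$1" =~ $ipv4_re ]]`. The `-n "$1"` test is redundant because the anchored pattern cannot match an empty string. A header comment such as `# valid_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address with octets 0-255 and no leading zeros` would record the contract for the three netcfg callers.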
@@ -149,7 +149,7 @@ iface ${dev} inet static netmask ${mask} EOT - if [ -n "$gateway" ]; then + if valid_ipv4 $gateway; then echo " gateway ${gateway}" if [ -n "$metric" ]; then diff --git a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-networkd b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-networkd index b07c7135..92e660ea 100644 --- a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-networkd +++ b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-networkd @@ -109,7 +109,7 @@ EOT echo "[Route]" - if [ -n "$gateway" ]; then + if valid_ipv4 $gateway; then echo "Gateway=${gateway}" if [ -n "$metric" ]; then diff --git a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-nm b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-nm index 6ef3c21b..54782ae9 100644 --- a/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-nm +++ b/context-linux/src/etc/one-context.d/loc-10-network.d/netcfg-nm @@ -120,7 +120,7 @@ gen_iface_conf() { nmcli con mod "${dev}" ipv4.method manual ipv4.addresses "${ip}/${cidr}" - if [ -n "$gateway" ]; then + if valid_ipv4 $gateway; then nmcli con mod "${dev}" ipv4.gateway "${gateway}" else nmcli con mod "${dev}" ipv4.gateway ""
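Review bot: `valid_ipv4 $gateway` is called with the variable unquoted in this hunk and in the matching hunks for netcfg-networkd and netcfg-nm, so the shell word-splits and glob-expands the value and only its first word is validated, while the lines that follow write the whole `${gateway}` string into the generated configuration. A context value that begins with a valid address and carries further whitespace-separated text therefore passes the check with its remainder unvalidated. Quote the argument so the checked value is the emitted one: `if valid_ipv4 "$gateway"; then`; a blank or space-only value still fails the anchored pattern. If padded values must be accepted, trim `gateway` once before the check and emit the trimmed value. The enclosing functions start and end outside these hunks.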