render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
7a3408
From 7e53d60afb8509a57caea28c95aa61a694bd29f8 Mon Sep 17 00:00:00 2001
7a3408
Message-Id: <7e53d60afb8509a57caea28c95aa61a694bd29f8@dist-git>
7a3408
From: Laine Stump <laine@laine.org>
7a3408
Date: Mon, 10 Aug 2015 02:46:45 -0400
7a3408
Subject: [PATCH] network: verify proper address family in updates to <host>
7a3408
 and <range>
7a3408
7a3408
By specifying parentIndex in a call to virNetworkUpdate(), it was
7a3408
possible to direct libvirt to add a dhcp range or static host of a
7a3408
non-matching address family to the <dhcp> element of an <ip>. For
7a3408
example, given:
7a3408
7a3408
 <ip address='192.168.122.1' netmask='255.255.255.0'/>
7a3408
 <ip family='ipv6' address='2001:db6:ca3:45::1' prefix='64'/>
7a3408
7a3408
you could provide a static host entry with an IPv4 address, and
7a3408
specify that it be added to the 2nd <ip> element (index 1):
7a3408
7a3408
  virsh net-update default add ip-dhcp-host --parent-index 1 \
7a3408
  '<host mac="52:54:00:00:00:01" ip="192.168.122.45"/>'
7a3408
7a3408
This would be happily added with no error (and no concern of any
7a3408
possible future consequences).
7a3408
7a3408
This patch checks that any dhcp range or host element being added to a
7a3408
network ip's <dhcp> subelement has addresses of the same family as the
7a3408
ip element they are being added to.
7a3408
7a3408
This resolves:
7a3408
7a3408
  https://bugzilla.redhat.com/show_bug.cgi?id=1184736
7a3408
7a3408
(cherry picked from commit 6a21bc119e37bafcbe5cfd13e57080d651296b43)
7a3408
7a3408
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
7a3408
---
7a3408
 src/conf/network_conf.c | 17 +++++++++++++++++
7a3408
 1 file changed, 17 insertions(+)
7a3408
7a3408
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
7a3408
index 72006e9..0ebb373 100644
7a3408
--- a/src/conf/network_conf.c
7a3408
+++ b/src/conf/network_conf.c
7a3408
@@ -3498,6 +3498,15 @@ virNetworkDefUpdateIPDHCPHost(virNetworkDefPtr def,
7a3408
                                       &host, partialOkay) < 0)
7a3408
         goto cleanup;
7a3408
 
7a3408
+    if (!partialOkay &&
7a3408
+        VIR_SOCKET_ADDR_FAMILY(&ipdef->address)
7a3408
+        != VIR_SOCKET_ADDR_FAMILY(&host.ip)) {
7a3408
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
7a3408
+                       _("the address family of a host entry IP must match "
7a3408
+                         "the address family of the dhcp element's parent"));
7a3408
+        goto cleanup;
7a3408
+    }
7a3408
+
7a3408
     if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) {
7a3408
 
7a3408
         /* search for the entry with this (ip|mac|name),
7a3408
@@ -3635,6 +3644,14 @@ virNetworkDefUpdateIPDHCPRange(virNetworkDefPtr def,
7a3408
     if (virSocketAddrRangeParseXML(def->name, ipdef, ctxt->node, &range) < 0)
7a3408
         goto cleanup;
7a3408
 
7a3408
+    if (VIR_SOCKET_ADDR_FAMILY(&ipdef->address)
7a3408
+        != VIR_SOCKET_ADDR_FAMILY(&range.start)) {
7a3408
+        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
7a3408
+                       _("the address family of a dhcp range must match "
7a3408
+                         "the address family of the dhcp element's parent"));
7a3408
+        goto cleanup;
7a3408
+    }
7a3408
+
7a3408
     /* check if an entry with same name/address/ip already exists */
7a3408
     for (i = 0; i < ipdef->nranges; i++) {
7a3408
         if (virSocketAddrEqual(&range.start, &ipdef->ranges[i].start) &&
7a3408
-- 
7a3408
2.5.0
7a3408