135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add some protections to ACLs and an error log, following #686

Browse Source
This commit is contained in:
Oliver Gorwits
2019-12-30 11:23:17 +00:00
parent e42c2135c4
commit e982aded09
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/App/Netdisco/Util/Permission.pm
View File

@@ -101,7 +101,11 @@ sub check_acl {
return 0 if !defined $real_ip return 0 if !defined $real_ip
or blessed $real_ip; # class we do not understand or blessed $real_ip; # class we do not understand
$config = [$config] if ref [] ne ref $config; $config = [$config] if ref '' eq ref $config;
if (ref [] ne ref $config) {
error "error: acl is not a single item or list (cannot compare to $real_ip)";
return 0;
}
my $all = (scalar grep {$_ eq 'op:and'} @$config); my $all = (scalar grep {$_ eq 'op:and'} @$config);
# common case of using plain IP in ACL, so string compare for speed # common case of using plain IP in ACL, so string compare for speed
@@ -201,6 +205,9 @@ sub check_acl {
next INLIST; next INLIST;
} }
# could be something in error, and IP/host is only option left
next INLIST if ref $item;
my $ip = NetAddr::IP::Lite->new($item) my $ip = NetAddr::IP::Lite->new($item)
or next INLIST; or next INLIST;
next INLIST if $ip->bits != $addr->bits and not $all; next INLIST if $ip->bits != $addr->bits and not $all;