iprange: implemneted modules iprange to validate ip addresses of controlling connection and tunnel

         It will check that ip address of tunnel is not in range of clients ip addresses.
         This will avoid kernel softlockups due to loopback occured.

1 files changed, 9 insertions, 0 deletions

diff --git a/accel-pptpd/ppp/ipcp_opt_ipaddr.c b/accel-pptpd/ppp/ipcp_opt_ipaddr.c
index ddfb3d20..6e52cfab 100644
--- a/accel-pptpd/ppp/ipcp_opt_ipaddr.c
+++ b/accel-pptpd/ppp/ipcp_opt_ipaddr.c
@@ -10,6 +10,7 @@
 #include "ppp_ipcp.h"
 #include "log.h"
 #include "ipdb.h"
+#include "iprange.h"
 
 static struct ipcp_option_t *ipaddr_init(struct ppp_ipcp_t *ipcp);
 static void ipaddr_free(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *opt);
@@ -65,6 +66,14 @@ static int ipaddr_send_conf_req(struct ppp_ipcp_t *ipcp, struct ipcp_option_t *o
 		log_warn("ppp:ipcp: no free IP address\n");
 		return -1;
 	}
+	if (!iprange_client_check(ipaddr_opt->peer_addr)) {
+		log_warn("ppp:ipcp: to avoid hard loops requested IP cannot be assigned (%i.%i.%i.%i)\n",
+			ipaddr_opt->peer_addr&0xff, 
+			(ipaddr_opt->peer_addr >> 8)&0xff, 
+			(ipaddr_opt->peer_addr >> 16)&0xff, 
+			(ipaddr_opt->peer_addr >> 24)&0xff);
+		return -1;
+	}
 	
 	opt32->hdr.id=CI_ADDR;
 	opt32->hdr.len=6;