From 7e14fe6e37890591e4d6c9a0f36b5ac19571a14e Mon Sep 17 00:00:00 2001
From: Guillaume Nault
Date: Wed, 13 Feb 2013 13:48:51 +0100
Subject: l2tp: Check for IP range before creating new tunnels

Refuse to initiate tunnel creation to peers not defined in the "client-ip-range" configuration section.

Signed-off-by: Guillaume Nault
---
 accel-pppd/ctrl/l2tp/l2tp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index 7e990d02..e41bb00d 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -2458,6 +2458,13 @@ static int l2tp_create_tunnel_exec(const char *cmd, char * const *fields,
 if (peer.sin_family == AF_UNSPEC)
 return CLI_CMD_SYNTAX;
 
+ if (iprange_client_check(peer.sin_addr.s_addr) < 0) {
+ char addr[17];
+ u_inet_ntoa(peer.sin_addr.s_addr, addr);
+ cli_sendv(client, "Peer address %s out of IP range\r\n", addr);
+ return CLI_CMD_INVAL;
+ }
+
 conn = l2tp_tunnel_alloc(&peer, &host, 3, lns_mode);
 if (conn == NULL)
 return CLI_CMD_FAILED;
-- 
cgit v1.2.3
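Review bot: The refusal branch added after the `AF_UNSPEC` test reports the out-of-range peer only to the CLI client through `cli_sendv`; nothing in the hunk writes it to the daemon log, so a denied tunnel request leaves no audit record. Consider logging it before the return, e.g. `log_warn("l2tp: tunnel creation to %s refused: peer not in client-ip-range\n", addr);`. `char addr[17]` is handed to `u_inet_ntoa` without a length, so a comment such as `/* dotted quad + NUL needs 16 bytes; u_inet_ntoa() takes no size */` would record why the size is safe. What `iprange_client_check` returns when no range is configured is not visible here and should be confirmed to match the intended policy. `l2tp_create_tunnel_exec` starts and ends outside this hunk.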