diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-08-16 19:23:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-16 19:23:52 +0200 |
commit | 1f880973e221b91ac843a27d2e4c0b3de1880b97 (patch) | |
tree | bb3f4c79bbd75f6decbef58cc97d1676167c36ee | |
parent | 8093312a899b898da73c9491d68768a2020332ac (diff) | |
parent | d69b7989620da1348fe187975dc5a1c467400354 (diff) | |
download | vyos-1x-1f880973e221b91ac843a27d2e4c0b3de1880b97.tar.gz vyos-1x-1f880973e221b91ac843a27d2e4c0b3de1880b97.zip |
Merge pull request #1475 from sever-sever/T4613
upnp: T4613: Verify listen key in dictionary
-rw-r--r-- | interface-definitions/service-upnp.xml.in | 12 | ||||
-rwxr-xr-x | src/conf_mode/service_upnp.py | 19 |
2 files changed, 19 insertions, 12 deletions
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in index a129b7260..b1e6f170a 100644 --- a/interface-definitions/service-upnp.xml.in +++ b/interface-definitions/service-upnp.xml.in @@ -103,19 +103,19 @@ </valueHelp> <valueHelp> <format>ipv4</format> - <description>IP address to listen for incoming connections</description> + <description>IPv4 address to listen for incoming connections</description> </valueHelp> <valueHelp> - <format>ipv4-prefix</format> - <description>IP prefix to listen for incoming connections</description> + <format>ipv4net</format> + <description>IPv4 prefix to listen for incoming connections</description> </valueHelp> <valueHelp> <format>ipv6</format> - <description>IP address to listen for incoming connections</description> + <description>IPv6 address to listen for incoming connections</description> </valueHelp> <valueHelp> - <format>ipv6-prefix</format> - <description>IP prefix to listen for incoming connections</description> + <format>ipv6net</format> + <description>IPv6 prefix to listen for incoming connections</description> </valueHelp> <multi/> <constraint> diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py index 36f3e18a7..c798fd515 100755 --- a/src/conf_mode/service_upnp.py +++ b/src/conf_mode/service_upnp.py @@ -24,8 +24,6 @@ from ipaddress import IPv6Network from vyos.config import Config from vyos.configdict import dict_merge -from vyos.configdict import get_interface_dict -from vyos.configverify import verify_vrf from vyos.util import call from vyos.template import render from vyos.template import is_ipv4 @@ -113,19 +111,28 @@ def verify(upnpd): listen_dev = [] system_addrs_cidr = get_all_interface_addr(True, [], [netifaces.AF_INET, netifaces.AF_INET6]) system_addrs = get_all_interface_addr(False, [], [netifaces.AF_INET, netifaces.AF_INET6]) + if 'listen' not in upnpd: + raise ConfigError(f'Listen address or interface is required!') for listen_if_or_addr in upnpd['listen']: if listen_if_or_addr not in netifaces.interfaces(): listen_dev.append(listen_if_or_addr) - if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and (listen_if_or_addr not in netifaces.interfaces()): + if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and \ + (listen_if_or_addr not in netifaces.interfaces()): if is_ipv4(listen_if_or_addr) and IPv4Network(listen_if_or_addr).is_multicast: - raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!') + raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed' + f'to listen on. It is not an interface address nor a multicast address!') if is_ipv6(listen_if_or_addr) and IPv6Network(listen_if_or_addr).is_multicast: - raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!') + raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed' + f'to listen on. It is not an interface address nor a multicast address!') system_listening_dev_addrs_cidr = get_all_interface_addr(True, listen_dev, [netifaces.AF_INET6]) system_listening_dev_addrs = get_all_interface_addr(False, listen_dev, [netifaces.AF_INET6]) for listen_if_or_addr in upnpd['listen']: - if listen_if_or_addr not in netifaces.interfaces() and (listen_if_or_addr not in system_listening_dev_addrs_cidr) and (listen_if_or_addr not in system_listening_dev_addrs) and is_ipv6(listen_if_or_addr) and (not IPv6Network(listen_if_or_addr).is_multicast): + if listen_if_or_addr not in netifaces.interfaces() and \ + (listen_if_or_addr not in system_listening_dev_addrs_cidr) and \ + (listen_if_or_addr not in system_listening_dev_addrs) and \ + is_ipv6(listen_if_or_addr) and \ + (not IPv6Network(listen_if_or_addr).is_multicast): raise ConfigError(f'{listen_if_or_addr} must listen on the interface of the network card') def generate(upnpd): |