| author | Christian Poessinger <christian@poessinger.com> | 2022-08-16 19:23:52 +0200 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-16 19:23:52 +0200 | 
| commit | 1f880973e221b91ac843a27d2e4c0b3de1880b97 (patch) | |
| tree | bb3f4c79bbd75f6decbef58cc97d1676167c36ee | |
| parent | 8093312a899b898da73c9491d68768a2020332ac (diff) | |
| parent | d69b7989620da1348fe187975dc5a1c467400354 (diff) | |
| download | vyos-1x-1f880973e221b91ac843a27d2e4c0b3de1880b97.tar.gz vyos-1x-1f880973e221b91ac843a27d2e4c0b3de1880b97.zip | |
Merge pull request #1475 from sever-sever/T4613
upnp: T4613: Verify listen key in dictionary
| -rw-r--r-- | interface-definitions/service-upnp.xml.in | 12 | ||||
| -rwxr-xr-x | src/conf_mode/service_upnp.py | 19 | 
2 files changed, 19 insertions, 12 deletions
|
diff --git a/interface-definitions/service-upnp.xml.in b/interface-definitions/service-upnp.xml.in
index a129b7260..b1e6f170a 100644
--- a/interface-definitions/service-upnp.xml.in
+++ b/interface-definitions/service-upnp.xml.in
@@ -103,19 +103,19 @@
               </valueHelp>
               <valueHelp>
                 <format>ipv4</format>
-                <description>IP address to listen for incoming connections</description>
+                <description>IPv4 address to listen for incoming connections</description>
               </valueHelp>
               <valueHelp>
-                <format>ipv4-prefix</format>
-                <description>IP prefix to listen for incoming connections</description>
+                <format>ipv4net</format>
+                <description>IPv4 prefix to listen for incoming connections</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6</format>
-                <description>IP address to listen for incoming connections</description>
+                <description>IPv6 address to listen for incoming connections</description>
               </valueHelp>
               <valueHelp>
-                <format>ipv6-prefix</format>
-                <description>IP prefix to listen for incoming connections</description>
+                <format>ipv6net</format>
+                <description>IPv6 prefix to listen for incoming connections</description>
               </valueHelp>
               <multi/>
               <constraint>
diff --git a/src/conf_mode/service_upnp.py b/src/conf_mode/service_upnp.py
index 36f3e18a7..c798fd515 100755
--- a/src/conf_mode/service_upnp.py
+++ b/src/conf_mode/service_upnp.py
@@ -24,8 +24,6 @@ from ipaddress import IPv6Network
 from vyos.config import Config
 from vyos.configdict import dict_merge
-from vyos.configdict import get_interface_dict
-from vyos.configverify import verify_vrf
 from vyos.util import call
 from vyos.template import render
 from vyos.template import is_ipv4
@@ -113,19 +111,28 @@ def verify(upnpd):
     listen_dev = []
     system_addrs_cidr = get_all_interface_addr(True, [], [netifaces.AF_INET, netifaces.AF_INET6])
     system_addrs = get_all_interface_addr(False, [], [netifaces.AF_INET, netifaces.AF_INET6])
+    if 'listen' not in upnpd:
+        raise ConfigError(f'Listen address or interface is required!')
     for listen_if_or_addr in upnpd['listen']:
         if listen_if_or_addr not in netifaces.interfaces():
             listen_dev.append(listen_if_or_addr)
-        if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and (listen_if_or_addr not in netifaces.interfaces()):
+        if (listen_if_or_addr not in system_addrs) and (listen_if_or_addr not in system_addrs_cidr) and \
+                (listen_if_or_addr not in netifaces.interfaces()):
             if is_ipv4(listen_if_or_addr) and IPv4Network(listen_if_or_addr).is_multicast:
-                raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+                raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+                                  f'to listen on. It is not an interface address nor a multicast address!')
             if is_ipv6(listen_if_or_addr) and IPv6Network(listen_if_or_addr).is_multicast:
-                raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed to listen on. It is not an interface address nor a multicast address!')
+                raise ConfigError(f'The address "{listen_if_or_addr}" is an address that is not allowed'
+                                  f'to listen on. It is not an interface address nor a multicast address!')
     system_listening_dev_addrs_cidr = get_all_interface_addr(True, listen_dev, [netifaces.AF_INET6])
     system_listening_dev_addrs = get_all_interface_addr(False, listen_dev, [netifaces.AF_INET6])
     for listen_if_or_addr in upnpd['listen']:
-        if listen_if_or_addr not in netifaces.interfaces() and (listen_if_or_addr not in system_listening_dev_addrs_cidr) and (listen_if_or_addr not in system_listening_dev_addrs) and is_ipv6(listen_if_or_addr) and (not IPv6Network(listen_if_or_addr).is_multicast):
+        if listen_if_or_addr not in netifaces.interfaces() and \
+                (listen_if_or_addr not in system_listening_dev_addrs_cidr) and \
+                (listen_if_or_addr not in system_listening_dev_addrs) and \
+                is_ipv6(listen_if_or_addr) and \
+                (not IPv6Network(listen_if_or_addr).is_multicast):
             raise ConfigError(f'{listen_if_or_addr} must listen on the interface of the network card')
 def generate(upnpd):
|
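Review bot: The two reflowed `raise ConfigError(...)` messages in the first loop of verify() lose a space where the literals are joined: the first fragment ends in `not allowed'` and the next begins `f'to listen on`, so the operator sees "not allowedto listen on". End the first literal with a trailing space in both the IPv4 and the IPv6 branch, e.g. `f'The address "{listen_if_or_addr}" is an address that is not allowed '`. The new `'listen' not in upnpd` guard passes an f-string with no placeholders, so a plain `'Listen address or interface is required!'` is enough. Separately, both branches raise when `is_multicast` is true although the text says the address is "nor a multicast address", and within this hunk a listen value that is neither local nor multicast appears to be rejected only for IPv6 (second loop); this predates the commit, but the listen validation of a UPnP service is worth confirming against intent. verify() begins before this hunk.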
