From fd639bc88c2b811fda538988593dc8898ea5ab6d Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 27 May 2011 13:51:21 +0200
Subject: Do stricter checking of IP addressed passed to server install. ticket 1213
---
 ipapython/ipautil.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'ipapython')
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 444487ad9..acfd70cae 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -95,6 +95,12 @@ class CheckedIPAddress(netaddr.IPAddress):
 raise ValueError("unsupported IP version")
 if addr.is_loopback():
 raise ValueError("cannot use loopback IP address")
+ if addr.is_reserved() or addr in netaddr.ip.IPV4_6TO4:
+ raise ValueError("cannot use IANA reserved IP address")
+ if addr.is_link_local():
+ raise ValueError("cannot use link-local IP address")
+ if addr.is_multicast():
+ raise ValueError("cannot use multicast IP address")
 if match_local:
 if addr.version == 4:
@@ -122,6 +128,11 @@ class CheckedIPAddress(netaddr.IPAddress):
 elif addr.version == 6:
 net = netaddr.IPNetwork(str(addr) + '/64')
+ if addr == net.network:
+ raise ValueError("cannot use IP network address")
+ if addr.version == 4 and addr == net.broadcast:
+ raise ValueError("cannot use broadcast IP address")
+
 super(CheckedIPAddress, self).__init__(addr)
 self.prefixlen = net.prefixlen
 self.defaultnet = defnet
-- cgit
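Review bot: The rejection set added in the first hunk (`is_reserved()`, `netaddr.ip.IPV4_6TO4`, `is_link_local()`, `is_multicast()`) is defined entirely by netaddr's range tables, and the diffstat shows no test pinning which addresses the installer must refuse, so a netaddr upgrade may silently widen or narrow it. A small table-driven test over constructed samples (one address per rejected class plus an ordinary unicast address that must pass) would fix the contract; whether the unspecified address `0.0.0.0` is caught by `is_reserved()` is worth asserting explicitly rather than assuming. The `IPV4_6TO4` branch reuses the "IANA reserved" message, so a comment such as `# 192.88.99.0/24: 6to4 relay anycast range, checked separately from is_reserved()` would explain why it is listed on its own. The enclosing `__init__` starts above the hunk and continues below it.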
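Review bot: The network and broadcast checks in the second hunk do not account for prefixes that have no separate host range: with an IPv4 /32 (or IPv6 /128) `net.network` equals the address itself, and with a /31 both addresses are the network or the broadcast address, so a legitimately configured host-route or point-to-point address would be refused. The IPv4 assignment of `net` lies outside the hunk, so this applies only if `net` can carry such a prefix, for example one taken from a matched local interface. Guarding on the host-bit count avoids it: `hostbits = (32 if addr.version == 4 else 128) - net.prefixlen`, then `if hostbits > 1 and addr == net.network:` and `if hostbits > 1 and addr.version == 4 and addr == net.broadcast:`. The enclosing `__init__` begins before the hunk.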