From 918d9998e1855879e35b039430b71277e3200814 Mon Sep 17 00:00:00 2001
From: Alex Meade <alex.meade@rackspace.com>
Date: Mon, 16 Jan 2012 15:35:08 +0000
Subject: Add ipv4 and ipv6 validation

Fixes bug 891264

Change-Id: Ie5975a6ee8129392b308d405ab5cb9303bdd0a89
---
 nova/api/openstack/compute/servers.py | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/compute/servers.py b/nova/api/openstack/compute/servers.py
index e90e30b7d..941629244 100644
--- a/nova/api/openstack/compute/servers.py
+++ b/nova/api/openstack/compute/servers.py
@@ -16,6 +16,7 @@
 
 import base64
 import os
+import socket
 from xml.dom import minidom
 
 from webob import exc
@@ -568,6 +569,20 @@ class Controller(wsgi.Controller):
             expl = _('Userdata content cannot be decoded')
             raise exc.HTTPBadRequest(explanation=expl)
 
+    def _validate_access_ipv4(self, address):
+        try:
+            socket.inet_aton(address)
+        except socket.error:
+            expl = _('accessIPv4 is not proper IPv4 format')
+            raise exc.HTTPBadRequest(explanation=expl)
+
+    def _validate_access_ipv6(self, address):
+        try:
+            socket.inet_pton(socket.AF_INET6, address)
+        except socket.error:
+            expl = _('accessIPv4 is not proper IPv4 format')
+            raise exc.HTTPBadRequest(explanation=expl)
+
     @wsgi.serializers(xml=ServerTemplate)
     @exception.novaclient_converter
     @scheduler_api.redirect_handler
@@ -634,6 +649,14 @@ class Controller(wsgi.Controller):
             requested_networks = self._get_requested_networks(
                                                     requested_networks)
 
+        (access_ip_v4, ) = server_dict.get('accessIPv4'),
+        if access_ip_v4 is not None:
+            self._validate_access_ipv4(access_ip_v4)
+
+        (access_ip_v6, ) = server_dict.get('accessIPv6'),
+        if access_ip_v6 is not None:
+            self._validate_access_ipv6(access_ip_v6)
+
         try:
             flavor_id = self._flavor_id_from_req_data(body)
         except ValueError as error:
@@ -687,8 +710,8 @@ class Controller(wsgi.Controller):
                             display_description=name,
                             key_name=key_name,
                             metadata=server_dict.get('metadata', {}),
-                            access_ip_v4=server_dict.get('accessIPv4'),
-                            access_ip_v6=server_dict.get('accessIPv6'),
+                            access_ip_v4=access_ip_v4,
+                            access_ip_v6=access_ip_v6,
                             injected_files=injected_files,
                             admin_password=password,
                             zone_blob=zone_blob,
@@ -767,10 +790,12 @@ class Controller(wsgi.Controller):
 
         if 'accessIPv4' in body['server']:
             access_ipv4 = body['server']['accessIPv4']
+            self._validate_access_ipv4(access_ipv4)
             update_dict['access_ip_v4'] = access_ipv4.strip()
 
         if 'accessIPv6' in body['server']:
             access_ipv6 = body['server']['accessIPv6']
+            self._validate_access_ipv6(access_ipv6)
             update_dict['access_ip_v6'] = access_ipv6.strip()
 
         if 'auto_disk_config' in body['server']:
@@ -1008,6 +1033,12 @@ class Controller(wsgi.Controller):
             'metadata': 'metadata',
         }
 
+        if 'accessIPv4' in body:
+            self._validate_access_ipv4(body['accessIPv4'])
+
+        if 'accessIPv6' in body:
+            self._validate_access_ipv6(body['accessIPv6'])
+
         kwargs = {}
 
         for request_attribute, instance_attribute in attr_map.items():
-- 
cgit