Bug 33211 - IP address not validated in DHCP pool
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - DHCP
UCS 4.1
All Linux
: P5 minor
: UCS 4.2
Assigned To: Philipp Hahn
Florian Best
: interim-1
: 36648 44136
Depends on:
Blocks:
Reported: 2013-11-08 13:10 CET by Philipp Hahn
Modified: 2021-04-27 11:21 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:
hahn: Patch_Available+


Description Philipp Hahn univentionstaff 2013-11-08 13:10:26 CET
Nov  8 13:07:58 mas40 dhcpd: LDAP line 15: 1109 exceeds max (255) for precision.
Nov  8 13:07:58 mas40 dhcpd: range 10.0.17.100 10.0.17.1109;
Nov  8 13:07:58 mas40 dhcpd:                           ^
Nov  8 13:07:58 mas40 dhcpd: LDAP: cannot parse dhcpService entry 'cn=phahn.pt,cn=dhcp,dc=phahn,dc=pt'
Nov  8 13:07:58 mas40 dhcpd: Configuration file errors encountered -- exiting
Comment 1 Florian Best univentionstaff 2016-02-19 14:18:21 CET
curl 'http://Administrator:univention@xen3.school.local/univention-management-console/command/udm/put' -H 'Content-Type: application/json' -H 'X-Requested-With: XMLHttpRequest' --data-binary '{"options":[{"object":{"range":[["10.0.17.100","10.0.17.1109"]],"$dn$":"cn=kvm,cn=10.200.17.0,cn=knut,cn=ucs.school,dc=school,dc=local"},"options":null}],"flavor":"dhcp/dhcp"}'


class IPv4_AddressRange( complex ):
    subsyntaxes = (
        (_('First address'), ipv4Address),
        (_( 'Last address'), string),
        )
→ Why is last-address of type string? To allow empty values? Or by accident?
Comment 2 Philipp Hahn univentionstaff 2016-11-02 11:39:52 CET
Execution of command 'udm/add dhcp/dhcp' has failed:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 367, in _thread
    dn = module.create(properties, container=options.get('container'), superordinate=options.get('superordinate'))
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 86, in _decorated
    return method(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 135, in _decorated
    result = func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 385, in create
    obj.create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 305, in create
    return self._create()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 724, in _create
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dhcp/subnet.py", line 149, in _ldap_modlist
    if not univention.admin.ipaddress.ip_is_in_network(self['subnet'], self['subnetmask'], j):
  File "/usr/lib/pymodules/python2.7/univention/admin/ipaddress.py", line 51, in ip_is_in_network
error: illegal IP address string passed to inet_aton


(In reply to Florian Best from comment #1)
> class IPv4_AddressRange( complex ):
>     subsyntaxes = (
>         (_('First address'), ipv4Address),
>         (_( 'Last address'), string),
>         )
> → Why is last-address of type string? To allow empty values? Or by accident?

IMHO a bug.
BTW last address is optional to allow specifying single addresses - workaround is to use last:=first.
Patch in git:ucs/4.1-3+16923

commit d9b387d94fb8bb8fb640c636bd3dee296e48805a
Author: Philipp Hahn <hahn@univention.de>
Date:   Tue Oct 18 14:17:55 2016 +0200

    Bug #33211 udm: Fix DHCP pool range
    
    DHCP allows pools with only one element.
    If given, second range must be an IPv4 address - otherwise dhcpd refuses
    to start!

diff --git a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py
index 65ec78e..dc7050d 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/syntax.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/syntax.py
@@ -1164,9 +1164,11 @@ class IP_AddressRange(complex):
 
 
 class IPv4_AddressRange(IP_AddressRange):
+       min_elements = 1
+       all_required = False
        subsyntaxes = (
                (_('First address'), ipv4Address),
-               (_('Last address'), string),
+               (_('Last address'), ipv4Address),
        )
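Review bot: In the subsyntaxes tuple of IPv4_AddressRange both fields are now checked as ipv4Address, but nothing visible in this hunk relates them to each other: a last address lower than the first would still pass field-level validation, and with all_required = False and min_elements = 1 these lines do not show that the one mandatory element has to be the first address. Please confirm that the parent IP_AddressRange enforces both, or add the check there, and put a short comment above the two new attributes saying that the last address is optional for single-address pools. A regression test using the 10.0.17.1109 value from the description would also belong with this change, since the diff touches only syntax.py.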
Comment 3 Philipp Hahn univentionstaff 2016-11-04 10:22:21 CET
r74099 | Bug #33211 udm: validate IP addresses in DHCP

Package: univention-directory-manager-modules
Version: 12.0.5-2A~4.2.0.201611041015
Branch: ucs_4.2-0
Comment 4 Philipp Hahn univentionstaff 2016-11-21 06:05:41 CET
r74607 | Bug #33211 udm: Fix verifying DHCP entry
Comment 5 Florian Best univentionstaff 2016-12-23 15:49:44 CET
OK:
univention-directory-manager-modules (12.0.9-1):
r74607 | Bug #33211 udm: Fix verifying DHCP entry
r74203 | Bug #33211 udm: verify DHCP entry
r74202 | Bug #33211 udm: Validate DHCP pool ranges
r74201 | Bug #33211 udm: Validate IP ranges
r74200 | Bug #33211 udm: Fix DHCP pool range
r74099 | Bug #33211 udm: validate IP addresses in DHCP

OK: Changelog
Comment 6 Florian Best univentionstaff 2017-01-12 16:32:24 CET
REOPEN:

http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-0/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/8/testReport/59_udm/06_inhertiance/test/

[2017-01-12 06:00:27.616374] Object created: cn=2O8Cbk17kqghxRC35qme,dc=AutoTest091,dc=local
[2017-01-12 06:00:27.796527] Object created: cn=192.168.2.0,cn=2O8Cbk17kqghxRC35qme,dc=AutoTest091,dc=local
[2017-01-12 06:00:27.958832] E: Invalid Syntax: range: Not a valid IP address!
Comment 7 Philipp Hahn univentionstaff 2017-01-16 07:37:07 CET
(In reply to Florian Best from comment #6)
> REOPEN:
> 
> http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-0/job/
> AutotestJoin/SambaVersion=s4,Systemrolle=master/8/testReport/59_udm/
> 06_inhertiance/test/
> 
> [2017-01-12 06:00:27.616374] Object created:
> cn=2O8Cbk17kqghxRC35qme,dc=AutoTest091,dc=local
> [2017-01-12 06:00:27.796527] Object created:
> cn=192.168.2.0,cn=2O8Cbk17kqghxRC35qme,dc=AutoTest091,dc=local
> [2017-01-12 06:00:27.958832] E: Invalid Syntax: range: Not a valid IP
> address!

Bug in test:
r75803 | Bug #33211 test: Fix stripping IP address
r75804 | Bug #33211 test: Fix stripping IP address
Comment 8 Florian Best univentionstaff 2017-01-18 11:40:30 CET
OK: ucs-tests
Comment 9 Stefan Gohmann univentionstaff 2017-04-04 18:28:31 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".
Comment 10 Philipp Hahn univentionstaff 2021-04-27 11:13:05 CEST
*** Bug 36648 has been marked as a duplicate of this bug. ***
Comment 11 Philipp Hahn univentionstaff 2021-04-27 11:21:53 CEST
*** Bug 44136 has been marked as a duplicate of this bug. ***
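
The validation this report asks for, sketched as an added example that is not Univention's code: it rejects the range from the description before it could reach dhcpd, and goes beyond the field-level fix in the patch by also checking ordering and subnet membership. The names pool_range_statement, check and RangeError are hypothetical, and the subnet 10.0.17.0/255.255.255.0 is an assumption taken from the addresses in the description.

```python
import ipaddress


class RangeError(ValueError):
    """The pool range must not be stored: dhcpd could not use it."""


def pool_range_statement(first, last, subnet, netmask):
    """Validate a DHCP pool range and return the dhcpd 'range' statement.

    Hypothetical helper: 'first' is required, 'last' may be None or ""
    for a single-address pool.
    """
    try:
        network = ipaddress.IPv4Network("%s/%s" % (subnet, netmask))
    except ValueError as exc:
        raise RangeError("invalid subnet: %s" % exc) from None

    addresses = []
    for label, value in (("first", first), ("last", last)):
        if label == "last" and value in (None, ""):
            continue  # optional second element
        try:
            # Strict dotted-quad parse of the string form: octets must be 0..255.
            address = ipaddress.IPv4Address(str(value))
        except ipaddress.AddressValueError:
            raise RangeError("%s address %r is not IPv4" % (label, value)) from None
        if address not in network:
            raise RangeError("%s address %s is outside %s" % (label, address, network))
        addresses.append(address)

    if len(addresses) == 2 and addresses[1] < addresses[0]:
        raise RangeError("last address is lower than first address")
    return "range %s;" % " ".join(str(a) for a in addresses)


def check(first, last, subnet="10.0.17.0", netmask="255.255.255.0"):
    """Return the statement, or 'rejected: <reason>' instead of raising."""
    try:
        return pool_range_statement(first, last, subnet, netmask)
    except RangeError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    # Constructed inputs; the second pair is the range from the bug description.
    for pair in (("10.0.17.100", "10.0.17.110"), ("10.0.17.100", "10.0.17.1109"),
                 ("10.0.17.100", None), ("10.0.17.200", "10.0.17.100")):
        print(pair, "->", check(*pair))
```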