From: Fiona Ebner <f.ebner@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api] schema: fix verification for transport-domain-or-nexthop type
Date: Thu, 24 Apr 2025 13:34:51 +0200
Message-ID: <20250424113451.38672-1-f.ebner@proxmox.com>

Since pmg_verify_transport_address() is called with $noerr set, it
will not die on failure. Make sure that the verification method does
not quietly accept an invalid value in this case by making sure the
code for failure is also executed in this scenario, i.e. moving it
out of the 'else' branch.

As reported in the community forum [0], this could cause issues when a
CIDR is specified instead of an IP or domain name for TLS destination
policy, which is not intended.

[0]: https://forum.proxmox.com/threads/165167/

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PMG/Config.pm | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 82bd42e..0a5dff0 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1141,10 +1141,11 @@ sub pmg_verify_transport_domain_or_nexthop {
$nexthop = $1;
}
return $name if pmg_verify_transport_address($nexthop, 1);
- } else {
- return undef if $noerr;
- die "value does not look like a valid domain or next-hop\n";
+ # else fall through, because it is a failure
}
+
+ return undef if $noerr;
+ die "value does not look like a valid domain or next-hop\n";
}
sub read_tls_policy {
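Review bot: The new failure path at the end of pmg_verify_transport_domain_or_nexthop() comes without a regression test; the diffstat touches only src/PMG/Config.pm. A small test that passes a CIDR as the next-hop and checks that the verifier returns undef when $noerr is set, and dies with "value does not look like a valid domain or next-hop" when it is not, would pin down the case from the forum report and keep a later refactor from reintroducing the silent accept. A minor style point on the added comment: "# else fall through, because it is a failure" follows a statement-modifier return rather than an if/else, so wording such as "verification failed, fall through to the error handling below" would read more clearly. It may also be worth stating in the commit message what happens to configurations that already contain a value the old code quietly accepted, since such values now fail verification.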
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
Thread overview: 2+ messages
2025-04-24 11:34 Fiona Ebner [this message]
2025-04-28 12:23 ` [pmg-devel] applied: " Stoiko Ivanov