[pve-devel] [PATCH http-server] access control: avoid "uninitialized value" warning if using IP ranges

[pve-devel] [PATCH http-server] access control: avoid "uninitialized value" warning if using IP ranges

[Friedrich Weber]

ALLOW_FROM/DENY_FROM accept any syntax understood by Net::IP. However,
if an IP range like "10.1.1.1-10.1.1.3" is configured, a confusing
Perl warning is printed to the syslog on a match:

  Use of uninitialized value in concatenation (.) or string at [...]

The reason is that we use Net::IP::prefix to prepare a debug message,
but this returns undef if a range was specified. To avoid the warning,
use Net::IP::print to obtain a string representation instead.

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
---
 src/PVE/APIServer/AnyEvent.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
index cebd9ba..b60b825 100644
--- a/src/PVE/APIServer/AnyEvent.pm
+++ b/src/PVE/APIServer/AnyEvent.pm
@@ -1761,7 +1761,7 @@ sub check_host_access {
 	foreach my $t (@{$self->{allow_from}}) {
 	    if ($t->overlaps($cip)) {
 		$match_allow = 1;
-		$self->dprint("client IP allowed: ". $t->prefix());
+		$self->dprint("client IP allowed: ". $t->print());
 		last;
 	    }
 	}
@@ -1770,7 +1770,7 @@ sub check_host_access {
     if ($self->{deny_from}) {
 	foreach my $t (@{$self->{deny_from}}) {
 	    if ($t->overlaps($cip)) {
-		$self->dprint("client IP denied: ". $t->prefix());
+		$self->dprint("client IP denied: ". $t->print());
 		$match_deny = 1;
 		last;
 	    }
-- 
2.39.2

[pve-devel] applied: [PATCH http-server] access control: avoid "uninitialized value" warning if using IP ranges

[Fabian Grünbichler]

thanks!

On January 24, 2024 12:38 pm, Friedrich Weber wrote:
> ALLOW_FROM/DENY_FROM accept any syntax understood by Net::IP. However,
> if an IP range like "10.1.1.1-10.1.1.3" is configured, a confusing
> Perl warning is printed to the syslog on a match:
> 
>   Use of uninitialized value in concatenation (.) or string at [...]
> 
> The reason is that we use Net::IP::prefix to prepare a debug message,
> but this returns undef if a range was specified. To avoid the warning,
> use Net::IP::print to obtain a string representation instead.
> 
> Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
> ---
>  src/PVE/APIServer/AnyEvent.pm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
> index cebd9ba..b60b825 100644
> --- a/src/PVE/APIServer/AnyEvent.pm
> +++ b/src/PVE/APIServer/AnyEvent.pm
> @@ -1761,7 +1761,7 @@ sub check_host_access {
>  	foreach my $t (@{$self->{allow_from}}) {
>  	    if ($t->overlaps($cip)) {
>  		$match_allow = 1;
> -		$self->dprint("client IP allowed: ". $t->prefix());
> +		$self->dprint("client IP allowed: ". $t->print());
>  		last;
>  	    }
>  	}
> @@ -1770,7 +1770,7 @@ sub check_host_access {
>      if ($self->{deny_from}) {
>  	foreach my $t (@{$self->{deny_from}}) {
>  	    if ($t->overlaps($cip)) {
> -		$self->dprint("client IP denied: ". $t->prefix());
> +		$self->dprint("client IP denied: ". $t->print());
>  		$match_deny = 1;
>  		last;
>  	    }
> -- 
> 2.39.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
>