[lxc-devel] [lxd/master] Improve cluster address validation

Thu, 13 Feb 2020 03:06:13 -0800 

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6877

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===


From 8c746f005c2b23a0ca7d79767ba61edf8b5c467f Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanay...@canonical.com>
Date: Thu, 13 Feb 2020 10:42:40 +0000
Subject: [PATCH 1/2] lxd init: Don't allow empty strings for the cluster host
 name

Signed-off-by: Free Ekanayaka <free.ekanay...@canonical.com>
---
 lxd/main_init_interactive.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lxd/main_init_interactive.go b/lxd/main_init_interactive.go
index 9845e58eeb..de96c76c66 100644
--- a/lxd/main_init_interactive.go
+++ b/lxd/main_init_interactive.go
@@ -15,7 +15,7 @@ import (
        "golang.org/x/sys/unix"
        "gopkg.in/yaml.v2"
 
-       "github.com/lxc/lxd/client"
+       lxd "github.com/lxc/lxd/client"
        "github.com/lxc/lxd/lxd/cluster"
        "github.com/lxc/lxd/lxd/network"
        "github.com/lxc/lxd/lxd/util"
@@ -116,8 +116,17 @@ func (c *cmdInit) askClustering(config *cmdInitData, d 
lxd.InstanceServer) error
 
                // Cluster server address
                address := util.NetworkInterfaceAddress()
-               serverAddress := util.CanonicalNetworkAddress(cli.AskString(
-                       fmt.Sprintf("What IP address or DNS name should be used 
to reach this node? [default=%s]: ", address), address, nil))
+               var serverAddress string
+               for {
+                       serverAddress = 
util.CanonicalNetworkAddress(cli.AskString(
+                               fmt.Sprintf("What IP address or DNS name should 
be used to reach this node? [default=%s]: ", address), address, nil))
+                       host, _, _ := net.SplitHostPort(serverAddress)
+                       if shared.StringInSlice(host, []string{"", "[::]", 
"0.0.0.0"}) {
+                               fmt.Printf("Invalid IP address or DNS name\n")
+                               continue
+                       }
+                       break
+               }
                config.Node.Config["core.https_address"] = serverAddress
 
                if cli.AskBool("Are you joining an existing cluster? (yes/no) 
[default=no]: ", "no") {

From b9a292f9c60b9541b83b81957eedbab1e937873c Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanay...@canonical.com>
Date: Thu, 13 Feb 2020 10:43:24 +0000
Subject: [PATCH 2/2] node/config.go: Don't allow wild card addresses for
 cluster.https_address

Signed-off-by: Free Ekanayaka <free.ekanay...@canonical.com>
---
 lxd/node/config.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/lxd/node/config.go b/lxd/node/config.go
index c478791faa..2756f7601c 100644
--- a/lxd/node/config.go
+++ b/lxd/node/config.go
@@ -2,9 +2,12 @@ package node
 
 import (
        "fmt"
+       "net"
 
        "github.com/lxc/lxd/lxd/config"
        "github.com/lxc/lxd/lxd/db"
+       "github.com/lxc/lxd/shared"
+       "github.com/pkg/errors"
 )
 
 // Config holds node-local configuration values for a certain LXD instance.
@@ -153,7 +156,7 @@ var ConfigSchema = config.Schema{
        "core.https_address": {},
 
        // Network address for cluster communication
-       "cluster.https_address": {},
+       "cluster.https_address": {Validator: validateClusterHTTPSAddress},
 
        // Network address for the debug server
        "core.debug_address": {},
@@ -165,3 +168,17 @@ var ConfigSchema = config.Schema{
        "storage.backups_volume": {},
        "storage.images_volume":  {},
 }
+
+func validateClusterHTTPSAddress(value string) error {
+       if value == "" {
+               return nil // Deleting entry
+       }
+       host, _, err := net.SplitHostPort(value)
+       if err != nil {
+               return errors.Wrap(err, "Address not in form of <HOST>:<PORT>")
+       }
+       if shared.StringInSlice(host, []string{"[::]", "0.0.0.0"}) {
+               return fmt.Errorf("Invalid IP address or DNS name")
+       }
+       return nil
+}

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to