mon: check 'nonce' validity for cidr ranges

Signed-off-by: Greg Farnum <gfarnum@redhat.com>
(cherry picked from commit 5c903e5b0a48f60dcf644f83478f97136d7dc56c)

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 4529cbe4d94f5adfc50d5eb3fbadc6ca91593144..f9912dd08b1f3e0f17a424e1ade7861f2d3117ee 100644 (file)
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -12707,6 +12707,12 @@ bool OSDMonitor::prepare_command_impl(MonOpRequestRef op,
        if (err) {
          goto reply;
        }
+       if ((addr.is_ipv4() && addr.get_nonce() > 32) ||
+           (addr.is_ipv6() && addr.get_nonce() > 128)) {
+         ss << "Too many bits in range for that protocol!";
+         err = -EINVAL;
+         goto reply;
+       }
       } else {
        if (osdmap.require_osd_release >= ceph_release_t::nautilus) {
          // always blocklist type ANY