From: Greg Farnum <gfarnum@redhat.com>
Date: Mon, 15 Nov 2021 20:06:50 +0000 (+0000)
Subject: mon: check 'nonce' validity for cidr ranges
X-Git-Tag: v17.2.1~15^2~17
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6a146b52b01d81e59aef38e23cd2f08d4050add2;p=ceph.git

mon: check 'nonce' validity for cidr ranges

Signed-off-by: Greg Farnum <gfarnum@redhat.com>
(cherry picked from commit 5c903e5b0a48f60dcf644f83478f97136d7dc56c)
---

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 2c9b58a54549..adf1994c2252 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -12711,6 +12711,12 @@ bool OSDMonitor::prepare_command_impl(MonOpRequestRef op,
 	if (err) {
 	  goto reply;
 	}
+	if ((addr.is_ipv4() && addr.get_nonce() > 32) ||
+	    (addr.is_ipv6() && addr.get_nonce() > 128)) {
+	  ss << "Too many bits in range for that protocol!";
+	  err = -EINVAL;
+	  goto reply;
+	}
       } else {
 	if (osdmap.require_osd_release >= ceph_release_t::nautilus) {
 	  // always blocklist type ANY