From: "Ludovic Courtès" <ludo@gnu.org>
To: 52603@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#52603] [PATCH 2/2] services: static-networking: Sanitize <network-address> values.
Date: Sat, 18 Dec 2021 18:10:40 +0100	[thread overview]
Message-ID: <20211218171040.20268-2-ludo@gnu.org> (raw)
In-Reply-To: <20211218171040.20268-1-ludo@gnu.org>

This makes sure users do not mistakenly configure a network with "/0"
as its netmask.

* gnu/services/base.scm (assert-valid-address): New procedure.
(<network-address>)[value]: Add it as 'sanitize'.
---
 gnu/services/base.scm | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 5f93483dda..49ec856de4 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -35,8 +35,9 @@
 (define-module (gnu services base)
   #:use-module (guix store)
   #:use-module (guix deprecation)
-  #:autoload   (guix diagnostics) (warning)
+  #:autoload   (guix diagnostics) (warning &fix-hint)
   #:autoload   (guix i18n) (G_)
+  #:use-module (guix combinators)
   #:use-module (gnu services)
   #:use-module (gnu services admin)
   #:use-module (gnu services shepherd)
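Review bot: `formatted-message` and `&error-location`, both used by the new `assert-valid-address`, are not in the `(guix diagnostics)` autoload list, which only gains `&fix-hint` here. Unless a module imported outside the visible hunks already provides them, the error path would fail at that point instead of producing the intended diagnostic. Consider `#:autoload   (guix diagnostics) (warning formatted-message &fix-hint)` and confirm where `&error-location` comes from. The `define-module` form extends beyond this hunk, so this could not be checked from the page.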
@@ -72,6 +73,8 @@ (define-module (gnu services base)
   #:use-module (guix i18n)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
   #:re-export (user-processes-service-type        ;backwards compatibility
@@ -2388,6 +2391,26 @@ (define (ipv6-address? str)
   "Return true if STR denotes an IPv6 address."
   (false-if-exception (->bool (inet-pton AF_INET6 str))))
 
+(define-compile-time-procedure (assert-valid-address (address string?))
+  "Ensure ADDRESS has a valid netmask."
+  (unless (or (cidr->netmask address)
+              (and=> (false-if-exception (inet-pton AF_INET address))
+                     (cut = INADDR_LOOPBACK <>))
+              (and=> (false-if-exception (inet-pton AF_INET6 address))
+                     (cut = 1 <>)))
+    (raise
+     (make-compound-condition
+      (formatted-message (G_ "address '~a' lacks a network mask")
+                         address)
+      (condition (&error-location
+                  (location
+                   (source-properties->location procedure-call-location))))
+      (condition (&fix-hint
+                  (hint (format #f (G_ "\
+Write, say, @samp{\"~a/24\"} for a 24-bit network mask.")
+                                address)))))))
+  address)
+
 (define-record-type* <static-networking>
   static-networking make-static-networking
   static-networking?
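Review bot: The fix hint in `assert-valid-address` always proposes `/24`, which is misleading when ADDRESS is an IPv6 address. The same "lacks a network mask" message also appears to be raised for a string that is not an address at all, since the two `inet-pton` probes are only used to recognise loopback. Picking the suggested prefix by family, e.g. `(if (string-index address #\:) 64 24)` fed to a `"~a/~a"` hint, would keep the advice sensible. The docstring should state the actual contract, for example `"Return ADDRESS if it carries a network mask or is the IPv4 or IPv6 loopback address; otherwise raise an error with a fix hint."`. Whether an out-of-range prefix such as `/99` is rejected depends on `cidr->netmask`, which is defined outside this hunk.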
@@ -2405,7 +2428,8 @@ (define-record-type* <network-address>
   network-address make-network-address
   network-address?
   (device    network-address-device)              ;string--e.g., "en01"
-  (value     network-address-value)               ;string--CIDR notation
+  (value     network-address-value                ;string--CIDR notation
+             (sanitize assert-valid-address))
   (ipv6?     network-address-ipv6?                ;Boolean
              (thunked)
              (default
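Review bot: The field comment still reads `;string--CIDR notation`, although the sanitizer now also accepts bare loopback addresses and rejects any other value without a mask. Something like `;string--CIDR notation (mask required, except loopback)` would document that. The diffstat lists only gnu/services/base.scm, so no test in this commit covers the accepted and rejected forms. A few cases with constructed values such as `"10.0.0.1"`, `"10.0.0.1/24"`, `"127.0.0.1"` and `"::1"` would pin the behaviour. The record definition continues past the end of this hunk.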
-- 
2.33.0





2021-12-18 17:02 [bug#52603] [PATCH 0/2] Flag missing netmasks early on Ludovic Courtès
2021-12-18 17:10 ` [bug#52603] [PATCH 1/2] combinators: Add 'define-compile-time-procedure' Ludovic Courtès
2021-12-18 17:10   ` Ludovic Courtès [this message]
2021-12-19  9:13 ` [bug#52603] [PATCH 0/2] Flag missing netmasks early on Mathieu Othacehe
2021-12-20 15:28   ` bug#52603: " Ludovic Courtès
