qvm-template-postprocess: improve data validation

- validate if IP has correct syntax - print warning if value is invalid QubesOS/qubes-issues#2534
2021-01-29 23:05:06 +01:00 · 2021-01-29 23:05:06 +01:00 · febf014d14
commit febf014d14
parent b2e4d0ee34
1 changed files with 13 additions and 1 deletions
--- a/qubesadmin/tools/qvm_template_postprocess.py
+++ b/qubesadmin/tools/qvm_template_postprocess.py
@ -232,6 +232,12 @@ def call_postinstall_service(vm):
    finally:
        vm.netvm = qubesadmin.DEFAULT

+def validate_ip(ip):
+    """Check if given string has a valid IP address syntax"""
+    try:
+        return all(0 <= int(part) <= 255 for part in ip.split('.', 3))
+    except ValueError:
+        return False

@asyncio.coroutine
 def post_install(args):
@ -301,7 +307,11 @@ def post_install(args):
                'net.fake-gateway',
                'net.fake-netmask'):
            if key in conf:
-                vm.features[key] = conf[key]
+                if validate_ip(conf[key]):
+                    vm.features[key] = conf[key]
+                else:
+                    vm.log.warning(
+                        'ignoring invalid value for \'%s\'', key)
        if 'virt-mode' in conf:
            if conf['virt-mode'] == 'pv' and args.allow_pv:
                vm.virt_mode = 'pv'
@ -310,6 +320,8 @@ def post_install(args):
                    '--allow-pv not set, ignoring request to change virt-mode')
            elif conf['virt-mode'] in ('pvh', 'hvm'):
                vm.virt_mode = conf['virt-mode']
+            else:
+                vm.log.warning('ignoring invalid value for virt-mode')

        if 'kernel' in conf:
            if conf['kernel'] == '':