[lxc-devel] [lxd/master] shared/cert: be more thorough when parsing ip addr

brauner on Github lxc-bot at linuxcontainers.org
Thu Oct 6 16:04:49 UTC 2016


From 40aba8e6d00f3b07273c36f7ea01271743e1e0ac Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Thu, 6 Oct 2016 17:37:45 +0200
Subject: [PATCH] shared/cert: be more thorough when parsing ip addr

- check that IPv6 and IPv4 is no link-local address
- skip prefix length
- use IP for IP addresses

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
 shared/cert.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/shared/cert.go b/shared/cert.go
index d0c3911..45575fe 100644
--- a/shared/cert.go
+++ b/shared/cert.go
@@ -177,8 +177,10 @@ func GenerateMemCert(client bool) ([]byte, []byte, error) {
 	}
 
 	for _, h := range hosts {
-		if ip := net.ParseIP(h); ip != nil {
-			template.IPAddresses = append(template.IPAddresses, ip)
+		if ip, _, err := net.ParseCIDR(h); err != nil {
+			if !ip.IsLinkLocalUnicast() && !ip.IsLinkLocalMulticast() {
+				template.IPAddresses = append(template.IPAddresses, ip)
+			}
 		} else {
 			template.DNSNames = append(template.DNSNames, h)
 		}

