|
|
c8bb8f |
diff --git a/server/confpars.c b/server/confpars.c
|
|
|
c8bb8f |
index 12ab0e6..4454be9 100644
|
|
|
c8bb8f |
--- a/server/confpars.c
|
|
|
c8bb8f |
+++ b/server/confpars.c
|
|
|
c8bb8f |
@@ -3756,6 +3756,19 @@ add_ipv6_pool_to_subnet(struct subnet *subnet, u_int16_t type,
|
|
|
c8bb8f |
share->ipv6_pools[num_pools+1] = NULL;
|
|
|
c8bb8f |
}
|
|
|
c8bb8f |
|
|
|
c8bb8f |
+static void
|
|
|
c8bb8f |
+check_addr_in_subnet(struct subnet *subnet, struct iaddr *addr) {
|
|
|
c8bb8f |
+ char lowbuf [INET6_ADDRSTRLEN], netbuf [INET6_ADDRSTRLEN];
|
|
|
c8bb8f |
+
|
|
|
c8bb8f |
+ if (!addr_eq(subnet->net, subnet_number(*addr, subnet->netmask))) {
|
|
|
c8bb8f |
+ strcpy(lowbuf, piaddr(*addr));
|
|
|
c8bb8f |
+ strcpy(netbuf, piaddr(subnet->net));
|
|
|
c8bb8f |
+ log_fatal("bad range6, address %s not in subnet6 %s/%d",
|
|
|
c8bb8f |
+ lowbuf, netbuf, subnet->prefix_len);
|
|
|
c8bb8f |
+ }
|
|
|
c8bb8f |
+
|
|
|
c8bb8f |
+}
|
|
|
c8bb8f |
+
|
|
|
c8bb8f |
/* address-range6-declaration :== ip-address6 ip-address6 SEMI
|
|
|
c8bb8f |
| ip-address6 SLASH number SEMI
|
|
|
c8bb8f |
| ip-address6 [SLASH number] TEMPORARY SEMI */
|
|
|
c8bb8f |
@@ -3788,6 +3801,8 @@ parse_address_range6(struct parse *cfile, struct group *group) {
|
|
|
c8bb8f |
return;
|
|
|
c8bb8f |
}
|
|
|
c8bb8f |
|
|
|
c8bb8f |
+ check_addr_in_subnet(group->subnet, &lo);
|
|
|
c8bb8f |
+
|
|
|
c8bb8f |
/*
|
|
|
c8bb8f |
* See if we we're using range or CIDR notation or TEMPORARY
|
|
|
c8bb8f |
*/
|
|
|
c8bb8f |
@@ -3855,6 +3870,8 @@ parse_address_range6(struct parse *cfile, struct group *group) {
|
|
|
c8bb8f |
return;
|
|
|
c8bb8f |
}
|
|
|
c8bb8f |
|
|
|
c8bb8f |
+ check_addr_in_subnet(group->subnet, &hi;;
|
|
|
c8bb8f |
+
|
|
|
c8bb8f |
/*
|
|
|
c8bb8f |
* Convert our range to a set of CIDR networks.
|
|
|
c8bb8f |
*/
|