Do not allow to add loopback/multicast/broadcast ips to split tunnel list

2026-01-27 10:18:14 +00:00 · 2024-06-28 11:56:07 +03:00
parent ef712b7054
commit 3e5e98d916
2 changed files with 39 additions and 4 deletions
--- a/client/settings.cpp
+++ b/client/settings.cpp
@@ -9,6 +9,18 @@
 #include "containers/containers_defs.h"
 #include "logger.h"

+namespace {
+
+// true if invalid address or ip matches either of localhost/multicast/broadcast
+bool isIpAddressReserved(const QString &ipStr)
+{
+  QHostAddress ip(ipStr);
+
+  return ip.isLoopback() || ip.isMulticast() || ip.isBroadcast();
+}
+
+}
+
 const char Settings::cloudFlareNs1[] = "1.1.1.1";
 const char Settings::cloudFlareNs2[] = "1.0.0.1";

@@ -272,6 +284,11 @@ bool Settings::addVpnSite(RouteMode mode, const QString &site, const QString &ip
    if (sites.contains(site) && ip.isEmpty())
        return false;

+    if (isIpAddressReserved(site))
+    {
+        return false;
+    }
+
    sites.insert(site, ip);
    setVpnSites(mode, sites);
    return true;
@@ -284,6 +301,11 @@ void Settings::addVpnSites(RouteMode mode, const QMap<QString, QString> &sites)
        const QString &site = i.key();
        const QString &ip = i.value();

+        if (isIpAddressReserved(site))
+        {
+            continue;
+        }
+
        if (allSites.contains(site) && allSites.value(site) == ip)
            continue;

--- a/client/ui/controllers/sitesController.cpp
+++ b/client/ui/controllers/sitesController.cpp
@@ -35,7 +35,12 @@ void SitesController::addSite(QString hostname)
    }

    const auto &processSite = [this](const QString &hostname, const QString &ip) {
-        m_sitesModel->addSite(hostname, ip);
+        bool isAdded = m_sitesModel->addSite(hostname, ip);
+
+        if (!isAdded)
+        {
+          return false;
+        }

        if (!ip.isEmpty()) {
            QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
@@ -45,6 +50,8 @@ void SitesController::addSite(QString hostname)
                                      Q_ARG(QStringList, QStringList() << hostname));
        }
        QMetaObject::invokeMethod(m_vpnConnection.get(), "flushDns", Qt::QueuedConnection);
+
+        return true;
    };

    const auto &resolveCallback = [this, processSite](const QHostInfo &hostInfo) {
@@ -57,14 +64,20 @@ void SitesController::addSite(QString hostname)
        }
    };

+    bool isSiteAdded = false;
    if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) {
-        processSite(hostname, "");
+        isSiteAdded = processSite(hostname, "");
    } else {
-        processSite(hostname, "");
+        isSiteAdded = processSite(hostname, "");
        QHostInfo::lookupHost(hostname, this, resolveCallback);
    }

-    emit finished(tr("New site added: %1").arg(hostname));
+    if (isSiteAdded) {
+        emit finished(tr("New site added: %1").arg(hostname));
+    } else
+    {
+        emit finished(tr("Invalid address or ip matches either of localhost/multicast/broadcast: %1").arg(hostname));
+    }
 }

 void SitesController::removeSite(int index)