diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 29579759c7f..9df33b47257 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -303,6 +303,8 @@ import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.googlecode.ipv6.IPv6Network;
+import static com.cloud.configuration.Config.SecStorageAllowedInternalDownloadSites;
+
public class ConfigurationManagerImpl extends ManagerBase implements ConfigurationManager, ConfigurationService, Configurable {
public static final Logger s_logger = Logger.getLogger(ConfigurationManagerImpl.class);
public static final String PERACCOUNT = "peraccount";
@@ -1314,6 +1316,18 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
}
}
+ if (type.equals(String.class)) {
+ if (name.equalsIgnoreCase(SecStorageAllowedInternalDownloadSites.key()) && StringUtils.isNotEmpty(value)) {
+ final String[] cidrs = value.split(",");
+ for (final String cidr : cidrs) {
+ if (!NetUtils.isValidIp4(cidr) && !NetUtils.isValidIp6(cidr) && !NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {
+ s_logger.error(String.format("Invalid CIDR %s value specified for the config %s", cidr, name));
+ throw new InvalidParameterValueException(String.format("Invalid CIDR %s value specified for the config %s", cidr, name));
+ }
+ }
+ }
+ }
+
if (configuration == null ) {
//range validation has to be done per case basis, for now
//return in case of Configkey parameters
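Review bot: The third operand of the new check calls `NetUtils.getCleanIp4Cidr(cidr)`, which throws `CloudRuntimeException` for any string that is not a valid IPv4 CIDR. An entry that is neither an IP nor an IPv4 CIDR (a hostname, an IPv6 prefix, an empty element) therefore never reaches the `InvalidParameterValueException` branch or the error log. Guard the call first, for example `final boolean cleanCidr = NetUtils.isValidIp4Cidr(cidr) && NetUtils.getCleanIp4Cidr(cidr).equals(cidr);`, and then test `!NetUtils.isValidIp4(cidr) && !NetUtils.isValidIp6(cidr) && !cleanCidr`. Entries are also compared untrimmed after `split(",")`, so a value with a space after a comma is presumably rejected; since this setting is an allowlist read elsewhere, that is worth a one-line comment saying whether it is intended. The enclosing method starts and ends outside the hunk.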
diff --git a/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java b/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
index f37caa712bc..cd6f23923e1 100644
--- a/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
+++ b/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
@@ -158,6 +158,8 @@ import com.cloud.vm.dao.SecondaryStorageVmDao;
import com.cloud.vm.dao.UserVmDetailsDao;
import com.cloud.vm.dao.VMInstanceDao;
+import static com.cloud.configuration.Config.SecStorageAllowedInternalDownloadSites;
+
/**
* Class to manage secondary storages.
* Possible secondary storage VM state transition cases:
@@ -401,6 +403,9 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
String[] cidrs = _allowedInternalSites.split(",");
for (String cidr : cidrs) {
if (NetUtils.isValidIp4Cidr(cidr) || NetUtils.isValidIp4(cidr) || !cidr.startsWith("0.0.0.0")) {
+ if (NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {
+ s_logger.warn(String.format("Invalid CIDR %s in %s", cidr, SecStorageAllowedInternalDownloadSites.key()));
+ }
allowedCidrs.add(cidr);
}
}
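Review bot: The added `if (NetUtils.getCleanIp4Cidr(cidr).equals(cidr))` looks inverted. It logs "Invalid CIDR" when the entry already equals its normalised form, and stays silent when host bits are set. The surrounding condition also admits plain IPv4 addresses and any string that does not start with `0.0.0.0`, and for those `getCleanIp4Cidr` throws `CloudRuntimeException`, so one such entry in the allowlist would abort this loop instead of producing a warning. Changing the line to `if (NetUtils.isValidIp4Cidr(cidr) && !NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {` fixes both. The entry is still added to `allowedCidrs` after the warning, which deserves a comment stating that a non-canonical CIDR is accepted on purpose. The enclosing method starts and ends outside the hunk.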
diff --git a/ui/src/views/setting/ConfigurationValue.vue b/ui/src/views/setting/ConfigurationValue.vue
index 0069896f7a5..836aed69dd3 100644
--- a/ui/src/views/setting/ConfigurationValue.vue
+++ b/ui/src/views/setting/ConfigurationValue.vue
@@ -266,7 +266,7 @@ export default {
this.$message.error(this.$t('message.error.save.setting'))
this.$notification.error({
message: this.$t('label.error'),
- description: this.$t('message.error.save.setting')
+ description: error?.response?.data?.updateconfigurationresponse?.errortext || this.$t('message.error.save.setting')
})
}).finally(() => {
this.valueLoading = false
diff --git a/utils/src/main/java/com/cloud/utils/net/NetUtils.java b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
index 91a2f4eb755..1b4ebcccf94 100644
--- a/utils/src/main/java/com/cloud/utils/net/NetUtils.java
+++ b/utils/src/main/java/com/cloud/utils/net/NetUtils.java
@@ -626,6 +626,18 @@ public class NetUtils {
return long2Ip(firstPart) + "/" + size;
}
+ public static String getCleanIp4Cidr(final String cidr) {
+ if (!isValidIp4Cidr(cidr)) {
+ throw new CloudRuntimeException("Invalid CIDR: " + cidr);
+ }
+ String gateway = cidr.split("/")[0];
+ Long netmaskSize = Long.parseLong(cidr.split("/")[1]);
+ final long ip = ip2Long(gateway);
+ final long startNetMask = ip2Long(getCidrNetmask(netmaskSize));
+ final long start = (ip & startNetMask);
+ return String.format("%s/%s", long2Ip(start), netmaskSize);
+ }
+
public static String[] getIpRangeFromCidr(final String cidr, final long size) {
assert size < MAX_CIDR : "You do know this is not for ipv6 right? Keep it smaller than 32 but you have " + size;
final String[] result = new String[2];
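Review bot: `getCleanIp4Cidr` is a new public utility with no Javadoc, and its contract is easy to misuse: it throws `CloudRuntimeException` for every input that fails `isValidIp4Cidr`, including plain IPv4 addresses and IPv6 values. Both new callers in this commit pass strings that have not been checked that way. Add a Javadoc block saying that it returns the CIDR with the host bits cleared (the test in this commit expects `10.0.151.5/20` to become `10.0.144.0/20`), with an `@throws CloudRuntimeException` line for input that is not an IPv4 CIDR. As a style point, the local named `gateway` holds the address part rather than a gateway, the string is split twice, and `Long netmaskSize` is boxed for no visible reason; `final String[] parts = cidr.split("/");` followed by `final long netmaskSize = Long.parseLong(parts[1]);` reads more clearly.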
diff --git a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
index defb440c2a5..0f19da38922 100644
--- a/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/net/NetUtilsTest.java
@@ -296,6 +296,17 @@ public class NetUtilsTest {
assertTrue(NetUtils.isValidIp4Cidr(cidrThird));;
}
+ @Test
+ public void testGetCleanIp4Cidr() throws Exception {
+ final String cidrFirst = "10.0.144.0/20";
+ final String cidrSecond = "10.0.151.5/20";
+ final String cidrThird = "10.0.144.10/21";
+
+ assertEquals(cidrFirst, NetUtils.getCleanIp4Cidr(cidrFirst));
+ assertEquals("10.0.144.0/20", NetUtils.getCleanIp4Cidr(cidrSecond));
+ assertEquals("10.0.144.0/21", NetUtils.getCleanIp4Cidr(cidrThird));;
+ }
+
@Test
public void testIsValidCidrList() throws Exception {
final String cidrFirst = "10.0.144.0/20,1.2.3.4/32,5.6.7.8/24";
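Review bot: `testGetCleanIp4Cidr` covers only well-formed IPv4 CIDRs, but the behaviour the callers in this commit depend on is the rejection path. Add a case asserting that a plain address such as `10.0.144.10` and a non-IPv4 string make `NetUtils.getCleanIp4Cidr` throw `CloudRuntimeException`, plus boundary prefixes such as `/32`, so that a later change to the validation cannot silently alter what the allowlist check accepts. The last assertion also ends in a stray `;;`. `testIsValidCidrList` continues outside the hunk.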