NeDi Community

NeDi Software Specific => Discovery => Topic started by: gumba on March 04, 2009, 10:28:47 AM

Title: IP regexp in libmisc.pl
Post by: gumba on March 04, 2009, 10:28:47 AM
I recently discovered that seedlists containing invalid (out of range) IP addresses make the discovery in NeDi crash. If the seedlist accidentally contains an IP address like e.g. 10.0.0.256, the discovery crashes with
Code: [Select]
Can't call method "get_request" on an undefined value at ./inc/libsnmp.pl line 76.

As the reason for that I saw that IP addresses taken from the seedlist are checked by the subroutine InitSeeds in libmisc.pl by matching them against the regular expression
Code: [Select]
^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
If the IP matches the pattern, it is directly taken as seed address, otherwise NeDi assumes it to be a host name and tries to resolve it.

Although this pattern correctly examines possible IP addresses for a proper format, it fails detecting if an IP is out of range and would for example accept the IP 10.0.0.256 as being valid. This makes the SNMP session initiated in libsnmp.pl crash.

An easy fix for that would be to replace the pattern in use with the following pattern:
Code: [Select]
^((((1?\d?\d)|2([0-4]\d|5[0-5]))\.){3}((1?\d?\d)|2([0-4]\d|5[0-5])))$
This pattern not only checks for the correct IP address format, but also if the IP is valid. This makes NeDi trying to resolve invalid IP addresses from the seedlist as host names and simply skip them if unresolvable. This prevents the discovery from crashing because of invalid IP addresses.
Title: Re: IP regexp in libmisc.pl
Post by: rickli on March 05, 2009, 07:04:44 PM
Good point  :)

This also reminded me, that I wanted to look at this part anyway, because when adding the -a option I used a much simpler approach. It looks like this now:

my $ip = join('.',unpack( 'C4',gethostbyname($f[0]) ) );

This ignores invalid IPs, which cannot be resolved silently...