Prevent link.cgi connecting to non-local IPs

collectinfo.pl

@@ -31,3 +31,7 @@ package virtual_server;
 	&add_historic_collected_info($info, $start);
 	}
 &unlock_file($collected_info_file);
+
+# Update IP list cache
+&build_local_ip_list();
+

feature-virt.pl

@@ -52,6 +52,7 @@ sub setup_virt
 		&$second_print(&text('setup_virtnotdone', $_[0]->{'ip'}));
 		}
 	}
+&build_local_ip_list();
 &release_lock_virt($_[0]);
 return 1;
 }
@@ -80,6 +81,7 @@ sub delete_virt
 	else {
 		&$second_print(&text('delete_novirt', $biface->{'fullname'}));
 		}
+	&build_local_ip_list();
 	&release_lock_virt($_[0]);
 	}
 delete($_[0]->{'iface'});
@@ -112,6 +114,7 @@ sub modify_virt
 	else {
 		&$second_print(&text('delete_novirt', $_[1]->{'iface'}));
 		}
+	&build_local_ip_list();
 	&release_lock_virt($_[0]);
 	}
 }
@@ -393,6 +396,20 @@ sub parse_template_virt
 	}
 }
 
+# build_local_ip_list()
+# Create a local cache file of IPs on this system
+sub build_local_ip_list
+{
+&foreign_require("net", "net-lib.pl");
+&open_lock_tempfile(IPCACHE, ">$module_config_directory/localips");
+foreach my $a (&net::active_interfaces()) {
+	if ($a->{'address'}) {
+		&print_tempfile(IPCACHE, $a->{'address'},"\n");
+		}
+	}
+&close_tempfile(IPCACHE);
+}
+
 # obtain_lock_virt(&domain)
 # Signal that we are locking virtual IPs
 sub obtain_lock_virt

link.cgi

@@ -47,6 +47,14 @@ $noiplinkurl = "/$module_name/link.cgi/";
 $| = 1;
 $meth = $ENV{'REQUEST_METHOD'};
 
+# Make sure the IP is on this system
+open(IPCACHE, "$module_config_directory/localips");
+chop(@localips = <IPCACHE>);
+close(IPCACHE);
+&indexof($ip, @localips) >= 0 ||
+	&error("Connections to IP addresses not on this system are ".
+	       "not allowed : $ip");
+
 # Alternate host for redirects
 if ($host =~ /^www\.(.*)$/) {
 	$althost = $1;