commit 8287d7f546e4ffe7a2ac32df50d6b465484f81cc
Author: Miguel Lavalle <email address hidden>
Date: Thu Jun 14 09:21:09 2018 -0500
Disallow router interface out of subnet IP range
Currently, a non privileged tenant can add a router interface to a
shared / external network's subnet with an IP address outside the
subnet's allocation pool, creating a security risk. This patch prevents
tenants who are not the subnet's owner or admin from assigning a router
interface an IP address outside the subnet's allocation pool.
Change-Id: I32e76a83443dd8e7d79b396499747f29b4762e92
Closes-Bug: #1757482
(cherry picked from commit 54aa6e81cb17b33ce4d5d469cc11dec2869c762d)
Reviewed: https:/ /review. openstack. org/584324 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=8287d7f546e 4ffe7a2ac32df50 d6b465484f81cc
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 8287d7f546e4ffe 7a2ac32df50d6b4 65484f81cc
Author: Miguel Lavalle <email address hidden>
Date: Thu Jun 14 09:21:09 2018 -0500
Disallow router interface out of subnet IP range
Currently, a non privileged tenant can add a router interface to a
shared / external network's subnet with an IP address outside the
subnet's allocation pool, creating a security risk. This patch prevents
tenants who are not the subnet's owner or admin from assigning a router
interface an IP address outside the subnet's allocation pool.
Change-Id: I32e76a83443dd8 e7d79b396499747 f29b4762e92 ce4d5d469cc11de c2869c762d)
Closes-Bug: #1757482
(cherry picked from commit 54aa6e81cb17b33