commit c1d2f13495b2eb925be6495840795ead5929fd0e
Author: Miguel Lavalle <email address hidden>
Date: Thu Jun 14 09:21:09 2018 -0500
Disallow router interface out of subnet IP range
Currently, a non privileged tenant can add a router interface to a
shared / external network's subnet with an IP address outside the
subnet's allocation pool, creating a security risk. This patch prevents
tenants who are not the subnet's owner or admin from assigning a router
interface an IP address outside the subnet's allocation pool.
Change-Id: I32e76a83443dd8e7d79b396499747f29b4762e92
Closes-Bug: #1757482
(cherry picked from commit 54aa6e81cb17b33ce4d5d469cc11dec2869c762d)
Reviewed: https:/ /review. openstack. org/584326 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=c1d2f13495b 2eb925be6495840 795ead5929fd0e
Committed: https:/
Submitter: Zuul
Branch: stable/ocata
commit c1d2f13495b2eb9 25be6495840795e ad5929fd0e
Author: Miguel Lavalle <email address hidden>
Date: Thu Jun 14 09:21:09 2018 -0500
Disallow router interface out of subnet IP range
Currently, a non privileged tenant can add a router interface to a
shared / external network's subnet with an IP address outside the
subnet's allocation pool, creating a security risk. This patch prevents
tenants who are not the subnet's owner or admin from assigning a router
interface an IP address outside the subnet's allocation pool.
Change-Id: I32e76a83443dd8 e7d79b396499747 f29b4762e92 ce4d5d469cc11de c2869c762d)
Closes-Bug: #1757482
(cherry picked from commit 54aa6e81cb17b33