From 873fb1f7aa87bfdff1f478935d861c60d75b32d5 Mon Sep 17 00:00:00 2001 From: Vladyslav Miachkov Date: Fri, 28 Jun 2024 11:56:07 +0300 Subject: [PATCH] Do not allow to add loopback/multicast/broadcast ips to split tunnel list --- client/settings.cpp | 21 +++++++++++++++++++++ client/ui/controllers/sitesController.cpp | 21 +++++++++++++++++---- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/client/settings.cpp b/client/settings.cpp index 8129b1e66..a03a87d95 100644 --- a/client/settings.cpp +++ b/client/settings.cpp @@ -9,6 +9,17 @@ #include "containers/containers_defs.h" #include "logger.h" +namespace { + +bool isAddressReserved(const QString &ipStr) +{ + QHostAddress ip(ipStr); + + return ip.isLoopback() || ip.isMulticast() || ip.isBroadcast(); +} + +} + const char Settings::cloudFlareNs1[] = "1.1.1.1"; const char Settings::cloudFlareNs2[] = "1.0.0.1"; @@ -272,6 +283,11 @@ bool Settings::addVpnSite(RouteMode mode, const QString &site, const QString &ip if (sites.contains(site) && ip.isEmpty()) return false; + if (isAddressReserved(site)) + { + return false; + } + sites.insert(site, ip); setVpnSites(mode, sites); return true; @@ -284,6 +300,11 @@ void Settings::addVpnSites(RouteMode mode, const QMap &sites) const QString &site = i.key(); const QString &ip = i.value(); + if (isAddressReserved(site)) + { + continue; + } + if (allSites.contains(site) && allSites.value(site) == ip) continue; diff --git a/client/ui/controllers/sitesController.cpp b/client/ui/controllers/sitesController.cpp index d54dbdd2f..a263864e1 100644 --- a/client/ui/controllers/sitesController.cpp +++ b/client/ui/controllers/sitesController.cpp 
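Review bot: In the new `isAddressReserved` helper, `QHostAddress ip(ipStr)` is given the raw site string, and an entry written with a prefix length (for example a loopback or multicast range in `addr/len` form) would, as far as I can tell, fail to parse and yield a null address for which all three predicates return false. The controller matches input against `ipAddressWithSubnetRegExp()`, which suggests such entries are accepted, so the filter would miss exactly the range form of the addresses it is meant to block. Parsing only the address part closes that gap: `QHostAddress ip(ipStr.section('/', 0, 0));`. A short comment on the helper saying that hostnames and empty strings deliberately evaluate to "not reserved" would also help the next reader.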
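Review bot: The guard added in `addVpnSite` checks only `site`, while the `ip` argument stored next to it by `sites.insert(site, ip)` is never checked. For a hostname entry `site` is a name that `QHostAddress` cannot parse, so a name whose resolved `ip` is a loopback, multicast or broadcast address still gets through; judging by the controller, that `ip` is then handed to `addRoutes`. Consider `if (isAddressReserved(site) || isAddressReserved(ip))` here. The loop in `addVpnSites` in the next hunk has the same gap and needs the same condition before its `continue`. Both function bodies start outside their hunks, so earlier validation is not visible from here.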
@@ -35,7 +35,12 @@ void SitesController::addSite(QString hostname) } const auto &processSite = [this](const QString &hostname, const QString &ip) { - m_sitesModel->addSite(hostname, ip); + bool isAdded = m_sitesModel->addSite(hostname, ip); + + if (!isAdded) + { + return false; + } if (!ip.isEmpty()) { QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection, @@ -45,6 +50,8 @@ void SitesController::addSite(QString hostname) Q_ARG(QStringList, QStringList() << hostname)); } QMetaObject::invokeMethod(m_vpnConnection.get(), "flushDns", Qt::QueuedConnection); + + return true; }; const auto &resolveCallback = [this, processSite](const QHostInfo &hostInfo) { @@ -57,14 +64,20 @@ void SitesController::addSite(QString hostname) } }; + bool isSiteAdded = false; if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) { - processSite(hostname, ""); + isSiteAdded = processSite(hostname, ""); } else { - processSite(hostname, ""); + isSiteAdded = processSite(hostname, ""); QHostInfo::lookupHost(hostname, this, resolveCallback); } - emit finished(tr("New site added: %1").arg(hostname)); + if (isSiteAdded) { + emit finished(tr("New site added: %1").arg(hostname)); + } else + { + emit finished(tr("Invalid or reserved ip: %1").arg(hostname)); + } } void SitesController::removeSite(int index)
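Review bot: In the last hunk of `addSite`, every `false` from `processSite` is reported as `Invalid or reserved ip`, but `Settings::addVpnSite` also returns false when the site is already in the list with an empty ip. Assuming `m_sitesModel->addSite` forwards that result (not shown here), re-adding an existing site now produces a misleading error; either tell the two causes apart or use neutral wording such as `tr("Site was not added: %1")`. Both branches of the `if`/`else` now run the identical `isSiteAdded = processSite(hostname, "");`, so it can be hoisted to a single `const bool isSiteAdded = processSite(hostname, "");` before the `if`. `QHostInfo::lookupHost` is still started after a rejected add, which is worth a comment if intended. The body of `addSite` begins outside this hunk.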