From f2aa93767ece248d8efadc9b3507e233044aa316 Mon Sep 17 00:00:00 2001
From: Salvatore Orlando
Date: Thu, 28 Aug 2014 14:54:18 -0700
Subject: [PATCH] Subnets with prefix length 0 are invalid

This patch changes the API behaviour to return a 400 error when a subnet with /0 prefix length is specified. This kind of subnet hardly make any sense, and also cannot possibly work when DHCP is enabled.

Change-Id: I8f822f14b91475dcf86ea44ee607013e61cbb6f7
Closes-Bug: #1362651
---
 neutron/db/db_base_plugin_v2.py | 10 ++++++++++
 neutron/tests/unit/test_db_plugin.py | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
index 9f8d7bf3f..fa5cd3a42 100644
--- a/neutron/db/db_base_plugin_v2.py
+++ b/neutron/db/db_base_plugin_v2.py
@@ -564,6 +564,16 @@ class NeutronDbPluginV2(neutron_plugin_base_v2.NeutronPluginBaseV2,
 CIDR if overlapping IPs are disabled.
 """
 new_subnet_ipset = netaddr.IPSet([new_subnet_cidr])
+ # Disallow subnets with prefix length 0 as they will lead to
+ # dnsmasq failures (see bug 1362651).
+ # This is not a discrimination against /0 subnets.
+ # A /0 subnet is conceptually possible but hardly a practical
+ # scenario for neutron's use cases.
+ for cidr in new_subnet_ipset.iter_cidrs():
+ if cidr.prefixlen == 0:
+ err_msg = _("0 is not allowed as CIDR prefix length")
+ raise n_exc.InvalidInput(error_message=err_msg)
+
 if cfg.CONF.allow_overlapping_ips:
 subnet_list = network.subnets
 else:
diff --git a/neutron/tests/unit/test_db_plugin.py b/neutron/tests/unit/test_db_plugin.py
index 720d10948..69c9451bd 100644
--- a/neutron/tests/unit/test_db_plugin.py
+++ b/neutron/tests/unit/test_db_plugin.py
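Review bot: In the `neutron/db/db_base_plugin_v2.py` hunk, the docstring that closes just above the new check still describes only the overlap validation, so a reader of the helper does not learn that it now also rejects a prefix length of 0 with `InvalidInput`; I would add a sentence such as `Also reject CIDRs whose prefix length is 0.` to it. The check walks `new_subnet_ipset.iter_cidrs()` although the set was built from the single `new_subnet_cidr` on the line before, so `if netaddr.IPNetwork(new_subnet_cidr).prefixlen == 0:` would state the intent directly and drop the loop. The rejection does not depend on IP version or on whether DHCP is enabled, which matches the commit message. It presumably relies on every subnet-create path calling this helper, which cannot be confirmed here because the function starts and ends outside the hunk.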
@@ -2357,6 +2357,17 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
 res = subnet_req.get_response(self.api)
 self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
 
+ def test_create_subnet_bad_V4_cidr_prefix_len(self):
+ with self.network() as network:
+ data = {'subnet': {'network_id': network['network']['id'],
+ 'cidr': '0.0.0.0/0',
+ 'ip_version': '4',
+ 'tenant_id': network['network']['tenant_id'],
+ 'gateway_ip': '0.0.0.1'}}
+ subnet_req = self.new_create_request('subnets', data)
+ res = subnet_req.get_response(self.api)
+ self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
+
 def test_create_subnet_bad_V6_cidr(self):
 with self.network() as network:
 data = {'subnet': {'network_id': network['network']['id'],
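Review bot: The new `test_create_subnet_bad_V4_cidr_prefix_len` covers only `0.0.0.0/0`, while the check it exercises compares `cidr.prefixlen` without looking at the IP version, so the IPv6 case is left untested; a sibling test using `'cidr': '::/0'`, `'ip_version': '6'` and an in-range `'gateway_ip'` would pin it. The assertion compares only against `webob.exc.HTTPClientError.code`, so the test would also pass if the request were rejected by some other validation; checking the response body for the prefix-length message would tie it to this check. The trailing context cuts into `test_create_subnet_bad_V6_cidr`, whose body continues outside the hunk.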