From 06263790c80a990fd975a09b2eb8c62812f2b639 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 4 Feb 2017 22:20:48 +0000
Subject: [PATCH] Test if supplied IP address is valid dot-decimal format
---
 .../admin_ui/controllers/authentication/authentication.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/extensions/admin_ui/controllers/authentication/authentication.rb b/extensions/admin_ui/controllers/authentication/authentication.rb
index f5a6744c1..eb85c22b5 100644
--- a/extensions/admin_ui/controllers/authentication/authentication.rb
+++ b/extensions/admin_ui/controllers/authentication/authentication.rb
@@ -109,7 +109,8 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
 config = BeEF::Core::Configuration.instance
 permitted_ui_subnet = config.get('beef.restrictions.permitted_ui_subnet')
 target_network = IPAddr.new(permitted_ui_subnet)
-
+ # test if supplied IP address is valid dot-decimal format
+ return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
 # test if ip within subnet
 return target_network.include?(ip)
 end
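Review bot: The regex on the added `return false unless ip =~ …` line checks only the shape of the address, not the octet range, so a value such as `999.1.1.1` passes it and still reaches `target_network.include?(ip)`. `IPAddr#include?` parses a string argument and raises `IPAddr::InvalidAddressError` on an invalid address, so this access check can still raise instead of returning false; whether the caller rescues that is not visible here, since the method starts above the hunk. Parsing under a rescue would make it fail closed: `return target_network.include?(IPAddr.new(ip))` with a `rescue IPAddr::InvalidAddressError` clause that does `return false`. The pattern also rejects every IPv6 client, which deserves a comment next to the check if `beef.restrictions.permitted_ui_subnet` may be set to an IPv6 range.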