From 59fecdcce37f6cc3d8c2837b049f7ed9a82db574 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 5 Feb 2017 05:28:30 +0000
Subject: [PATCH] Test if supplied IP address is valid dot-decimal format
---
 core/main/rest/api.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb
index 61330e442..1b046a3b0 100644
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -66,7 +66,10 @@ module BeEF
 # get permitted subnet
 permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
 target_network = IPAddr.new(permitted_ui_subnet)
-
+
+ # test if supplied IP address is valid dot-decimal format
+ return false unless ip =~ /\A[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/
+
 # test if ip within subnet
 return target_network.include?(ip)
 end
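Review bot: The new format check on `ip` still lets out-of-range octets (a constructed example: `999.1.1.1`) through to `target_network.include?(ip)`, where IPAddr has to parse the string and, in current Ruby, raises on an invalid address instead of returning false. For an access-control predicate it is safer to fail closed on every malformed value, for example by adding `return false unless ip.split('.').all? { |octet| octet.to_i <= 255 }` after the regex, or by rescuing `IPAddr::InvalidAddressError` around the `include?` call. The check is also IPv4-only, so an IPv6 client address or an IPv6 `permitted_ui_subnet` is now always refused; a comment such as `# IPv4 only: IPv6 sources are rejected by design` would record that this is intended. The enclosing method starts outside the hunk, so how `ip` is obtained and how callers handle an exception cannot be confirmed from here.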