From a8dd7b668eed7f983511be0247fd31aa949d98b7 Mon Sep 17 00:00:00 2001
From: Friedrich Weber <f.weber@proxmox.com>
Date: Wed, 24 Jan 2024 12:38:56 +0100
Subject: [PATCH] access control: avoid "uninitialized value" warning if using
 IP ranges

ALLOW_FROM/DENY_FROM accept any syntax understood by Net::IP. However,
if an IP range like "10.1.1.1-10.1.1.3" is configured, a confusing
Perl warning is printed to the syslog on a match:

  Use of uninitialized value in concatenation (.) or string at [...]

The reason is that we use Net::IP::prefix to prepare a debug message,
but this returns undef if a range was specified. To avoid the warning,
use Net::IP::print to obtain a string representation instead.

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
---
 src/PVE/APIServer/AnyEvent.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
index cebd9ba..b60b825 100644
--- a/src/PVE/APIServer/AnyEvent.pm
+++ b/src/PVE/APIServer/AnyEvent.pm
@@ -1761,7 +1761,7 @@ sub check_host_access {
 	foreach my $t (@{$self->{allow_from}}) {
 	    if ($t->overlaps($cip)) {
 		$match_allow = 1;
-		$self->dprint("client IP allowed: ". $t->prefix());
+		$self->dprint("client IP allowed: ". $t->print());
 		last;
 	    }
 	}
@@ -1770,7 +1770,7 @@ sub check_host_access {
     if ($self->{deny_from}) {
 	foreach my $t (@{$self->{deny_from}}) {
 	    if ($t->overlaps($cip)) {
-		$self->dprint("client IP denied: ". $t->prefix());
+		$self->dprint("client IP denied: ". $t->print());
 		$match_deny = 1;
 		last;
 	    }