From b99962d27f3ba24f31d5b99bae64c20ea48f13ae Mon Sep 17 00:00:00 2001
From: Jayapal
Date: Tue, 3 Sep 2013 14:17:16 +0530
Subject: [PATCH] CLOUDSTACK-4586 Added CIDR validation for SG Egress rules
---
 .../securitygroup/AuthorizeSecurityGroupIngressCmd.java | 7 -------
 .../cloud/network/security/SecurityGroupManagerImpl.java | 8 ++++++++
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
index f8cd8c5d955..13d21338ae7 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/AuthorizeSecurityGroupIngressCmd.java
@@ -207,13 +207,6 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd {
 @Override
 public void execute() {
- if(cidrList != null){
- for(String cidr : cidrList ){
- if (!NetUtils.isValidCIDR(cidr)){
- throw new ServerApiException(ApiErrorCode.PARAM_ERROR, cidr + " is an Invalid CIDR ");
- }
- }
- }
 List ingressRules = _securityGroupService.authorizeSecurityGroupIngress(this);
 if (ingressRules != null && !ingressRules.isEmpty()) {
 SecurityGroupResponse response = _responseGenerator.createSecurityGroupResponseFromSecurityGroupRule(ingressRules);
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index 1c189c44688..fc95f21b6aa 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -600,6 +600,14 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
 protocol = NetUtils.ALL_PROTO;
 }
+ if(cidrList != null){
+ for(String cidr : cidrList ){
+ if (!NetUtils.isValidCIDR(cidr)){
+ throw new InvalidParameterValueException("Invalid cidr " + cidr);
+ }
+ }
+ }
+
 if (!NetUtils.isValidSecurityGroupProto(protocol)) {
 throw new InvalidParameterValueException("Invalid protocol " + protocol);
 }
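Review bot: The CIDR loop added ahead of the protocol check is now the only visible validation of `cidrList`, because this commit also removes the equivalent check from `AuthorizeSecurityGroupIngressCmd.execute()`, yet nothing in the code records that and no test accompanies it. A comment such as `// Single CIDR check for ingress and egress rules; the API commands no longer validate cidrList` would keep a later refactor from dropping it, assuming (from the commit subject) that this method serves both rule directions. It is also worth confirming that `NetUtils.isValidCIDR` returns false rather than throwing for a null or empty list entry, since the loop hands each element to it unchecked. Ingress callers will now see `InvalidParameterValueException` where they previously got `ServerApiException` with `ApiErrorCode.PARAM_ERROR`, so check that the API layer still maps it to a parameter error. The enclosing method starts and ends outside the hunk.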