Merge pull request #1236 from pi-hole/fix/vuln-savesettings

Check IP addresses read in from dns-server.conf are valid before addi…

scripts/pi-hole/php/savesettings.php

@@ -81,7 +81,7 @@ function readStaticLeasesFile($origin_file="/etc/dnsmasq.d/04-pihole-static-dhcp
 	$dhcp_static_leases = array();
 	if(!file_exists($origin_file) || !is_readable($origin_file))
 		return false;
-	
+
 	$dhcpstatic = @fopen($origin_file, 'r');
 	if(!is_resource($dhcpstatic))
 		return false;
@@ -148,16 +148,16 @@ function readDNSserversList()
 			$line = explode(';', $line);
 			$name = $line[0];
 			$values = [];
-			if (!empty($line[1])) {
+			if (!empty($line[1]) && validIP($line[1])) {
 				$values["v4_1"] = $line[1];
 			}
-			if (!empty($line[2])) {
+			if (!empty($line[2]) && validIP($line[2])) {
 				$values["v4_2"] = $line[2];
 			}
-			if (!empty($line[3])) {
+			if (!empty($line[3]) && validIP($line[3])) {
 				$values["v6_1"] = $line[3];
 			}
-			if (!empty($line[4])) {
+			if (!empty($line[4]) && validIP($line[4])) {
 				$values["v6_2"] = $line[4];
 			}
             $list[$name] = $values;
@@ -202,7 +202,7 @@ function addStaticDHCPLease($mac, $ip, $hostname) {
 
 		// Test if this lease is already included
 		readStaticLeasesFile();
-		
+
 		foreach($dhcp_static_leases as $lease) {
 			if($lease["hwaddr"] === $mac)
 			{