From 6537f35176594e57bd3919074ffbecb868af38bd Mon Sep 17 00:00:00 2001
From: Saria Hajjar <shajjar@mc-lon-mb11797.local>
Date: Thu, 9 Jan 2020 14:33:49 +0000
Subject: [PATCH] Fixes #3864: Disallow /0 masks

---
 docs/release-notes/version-2.6.md |  1 +
 netbox/ipam/models.py             | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/docs/release-notes/version-2.6.md b/docs/release-notes/version-2.6.md
index f3ff8798a..2cd240e15 100644
--- a/docs/release-notes/version-2.6.md
+++ b/docs/release-notes/version-2.6.md
@@ -10,6 +10,7 @@
 * [#3589](https://github.com/netbox-community/netbox/issues/3589) - Fix validation on tagged VLANs of an interface
 * [#3853](https://github.com/netbox-community/netbox/issues/3853) - Fix device role link on config context view
 * [#3856](https://github.com/netbox-community/netbox/issues/3856) - Allow filtering VM interfaces by multiple MAC addresses
+* [#3864](https://github.com/netbox-community/netbox/issues/3864) - Disallow /0 masks
 
 ---
 
diff --git a/netbox/ipam/models.py b/netbox/ipam/models.py
index 8f9b64b59..a67ff4a86 100644
--- a/netbox/ipam/models.py
+++ b/netbox/ipam/models.py
@@ -177,6 +177,12 @@ class Aggregate(ChangeLoggedModel, CustomFieldModel):
             # Clear host bits from prefix
             self.prefix = self.prefix.cidr
 
+            # /0 masks are not acceptable
+            if self.prefix.prefixlen == 0:
+                raise ValidationError({
+                    'prefix': "Cannot create aggregate with /0 mask."
+                })
+
             # Ensure that the aggregate being added is not covered by an existing aggregate
             covering_aggregates = Aggregate.objects.filter(prefix__net_contains_or_equals=str(self.prefix))
             if self.pk:
@@ -347,6 +353,12 @@ class Prefix(ChangeLoggedModel, CustomFieldModel):
 
         if self.prefix:
 
+            # /0 masks are not acceptable
+            if self.prefix.prefixlen == 0:
+                raise ValidationError({
+                    'prefix': "Cannot create prefix with /0 mask."
+                })
+
             # Disallow host masks
             if self.prefix.version == 4 and self.prefix.prefixlen == 32:
                 raise ValidationError({
@@ -622,6 +634,12 @@ class IPAddress(ChangeLoggedModel, CustomFieldModel):
 
         if self.address:
 
+            # /0 masks are not acceptable
+            if self.address.prefixlen == 0:
+                raise ValidationError({
+                    'address': "Cannot create IP address with /0 mask."
+                })
+
             # Enforce unique IP space (if applicable)
             if self.role not in IPADDRESS_ROLES_NONUNIQUE and ((
                 self.vrf is None and settings.ENFORCE_GLOBAL_UNIQUE