From 18b659653daae3259ca47c356c5f2688f4bf2344 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Wed, 5 Nov 2025 17:05:56 -0700
Subject: [PATCH] better validation

---
 sdk/base/lib/util/ip.ts                                       | 4 ++--
 .../start-tunnel/src/app/routes/home/routes/devices/utils.ts  | 4 ++--
 .../start-tunnel/src/app/routes/home/routes/subnets/index.ts  | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sdk/base/lib/util/ip.ts b/sdk/base/lib/util/ip.ts
index 79174a24d..026bdd3cc 100644
--- a/sdk/base/lib/util/ip.ts
+++ b/sdk/base/lib/util/ip.ts
@@ -31,7 +31,7 @@ export class IpAddress {
       octets = address.split(".").map(Number)
       if (octets.length !== 4) throw new Error("invalid ipv4 address")
     }
-    if (octets.some((o) => o > 255)) {
+    if (octets.some((o) => isNaN(o) || o > 255)) {
       throw new Error("invalid ip address")
     }
     return new IpAddress(octets, address)
@@ -175,7 +175,7 @@ export class IpNet extends IpAddress {
 
     return IpAddress.fromOctets(octets)
   }
-  last(): IpAddress {
+  broadcast(): IpAddress {
     let octets: number[] = []
     let prefix = this.prefix
     for (let idx = 0; idx < this.octets.length; idx++) {
diff --git a/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts b/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts
index 227d9b13a..52234ae6f 100644
--- a/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts
+++ b/web/projects/start-tunnel/src/app/routes/home/routes/devices/utils.ts
@@ -40,7 +40,7 @@ export const ipInSubnetValidator = (subnet: string | null = null) => {
       return { invalidIp: 'Not a valid IP Address' }
     }
     if (!ipnet) return null
-    return ipnet.contains(ip)
+    return ipnet.zero().cmp(ip) === -1 && ipnet.broadcast().cmp(ip) === 1
       ? null
       : { notInSubnet: `Address is not part of ${subnet}` }
   }
@@ -48,7 +48,7 @@ export const ipInSubnetValidator = (subnet: string | null = null) => {
 
 export function getIp({ clients, range }: MappedSubnet) {
   const net = IpNet.parse(range)
-  const last = net.last()
+  const last = net.broadcast()
 
   for (let ip = net.add(1); ip.cmp(last) === -1; ip.add(1)) {
     if (!clients[ip.address]) {
diff --git a/web/projects/start-tunnel/src/app/routes/home/routes/subnets/index.ts b/web/projects/start-tunnel/src/app/routes/home/routes/subnets/index.ts
index 2499a7c53..5e66aa3fe 100644
--- a/web/projects/start-tunnel/src/app/routes/home/routes/subnets/index.ts
+++ b/web/projects/start-tunnel/src/app/routes/home/routes/subnets/index.ts
@@ -135,7 +135,7 @@ export default class Subnets {
       this.subnets()
         .map(s => utils.IpNet.parse(s.range))
         .sort((a, b) => -1 * a.cmp(b))[0] ?? utils.IpNet.parse('10.58.255.0/24')
-    const next = utils.IpNet.fromIpPrefix(last.last().add(2), 24)
+    const next = utils.IpNet.fromIpPrefix(last.broadcast().add(2), 24)
     if (!next.isPublic()) {
       return next.ipnet
     }