https://bugzilla.redhat.com/show_bug.cgi?id=1515533 We're already checking if IPv4 prefix isn't too long. But we are not checking if it isn't too short. QEMU supports prefixes longer than 4 (including). I haven't find anything similar related to IPv6 in qemu sources. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_domain.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index df433c2f0..4fc4db68b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -3744,6 +3744,12 @@ qemuDomainDeviceDefValidateNetwork(const virDomainNetDef *net) _("prefix too long")); return -1; } + + if (ip->prefix < 4) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("prefix too short")); + return -1; + } } if (VIR_SOCKET_ADDR_IS_FAMILY(&ip->address, AF_INET6)) { -- 2.13.6