0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-29 18:22:50 +01:00

Skip cidr checking for bans with negative or too large cidrlen.

Upto some length, such bans could match the exact IP address.

Obtained from: ircd-ratbox (androsyn)
This commit is contained in:
Jilles Tjoelker 2013-01-29 23:29:34 +01:00
parent 3dae60ef47
commit 4dbd5e07ad

View file

@ -436,12 +436,15 @@ int match_cidr(const char *s1, const char *s2)
*len++ = '\0'; *len++ = '\0';
cidrlen = atoi(len); cidrlen = atoi(len);
if (cidrlen == 0) if (cidrlen <= 0)
return 0; return 0;
#ifdef RB_IPV6 #ifdef RB_IPV6
if (strchr(ip, ':') && strchr(ipmask, ':')) if (strchr(ip, ':') && strchr(ipmask, ':'))
{ {
if (cidrlen > 128)
return 0;
aftype = AF_INET6; aftype = AF_INET6;
ipptr = &((struct sockaddr_in6 *)&ipaddr)->sin6_addr; ipptr = &((struct sockaddr_in6 *)&ipaddr)->sin6_addr;
maskptr = &((struct sockaddr_in6 *)&maskaddr)->sin6_addr; maskptr = &((struct sockaddr_in6 *)&maskaddr)->sin6_addr;
@ -450,6 +453,9 @@ int match_cidr(const char *s1, const char *s2)
#endif #endif
if (!strchr(ip, ':') && !strchr(ipmask, ':')) if (!strchr(ip, ':') && !strchr(ipmask, ':'))
{ {
if (cidrlen > 32)
return 0;
aftype = AF_INET; aftype = AF_INET;
ipptr = &((struct sockaddr_in *)&ipaddr)->sin_addr; ipptr = &((struct sockaddr_in *)&ipaddr)->sin_addr;
maskptr = &((struct sockaddr_in *)&maskaddr)->sin_addr; maskptr = &((struct sockaddr_in *)&maskaddr)->sin_addr;