Apply ratbox3 workaround for too permissive inet_pton6():
Any kline (or various other things) containing * or ? is a mask kline and not an IP kline. Ideally, rb_inet_pton_sock() would return failure for those, but in practice this is not always the case for IPv6. Such a kline that is erroneously treated as an IP line likely matches way fewer IPs than expected.
This commit is contained in:
parent
11dff8a423
commit
17e4b48b55
1 changed files with 5 additions and 1 deletions
|
@ -63,6 +63,10 @@ parse_netmask(const char *text, struct sockaddr *naddr, int *nb)
|
||||||
else
|
else
|
||||||
addr = (struct rb_sockaddr_storage *)naddr;
|
addr = (struct rb_sockaddr_storage *)naddr;
|
||||||
|
|
||||||
|
if(strpbrk(ip, "*?") != NULL)
|
||||||
|
{
|
||||||
|
return HM_HOST;
|
||||||
|
}
|
||||||
#ifdef RB_IPV6
|
#ifdef RB_IPV6
|
||||||
if(strchr(ip, ':'))
|
if(strchr(ip, ':'))
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue