Check CIDR ban IP address for validity.

Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.

Closes #103
This commit is contained in:
Jilles Tjoelker 2015-09-13 22:56:14 +02:00
parent 00fda7b7bd
commit 83e5941c87

View file

@ -397,8 +397,10 @@ int match_ips(const char *s1, const char *s2)
else else
return 0; return 0;
rb_inet_pton(aftype, address, ipptr); if (rb_inet_pton(aftype, address, ipptr) <= 0)
rb_inet_pton(aftype, mask, maskptr); return 0;
if (rb_inet_pton(aftype, mask, maskptr) <= 0)
return 0;
if (comp_with_mask(ipptr, maskptr, cidrlen)) if (comp_with_mask(ipptr, maskptr, cidrlen))
return 1; return 1;
else else
@ -471,8 +473,10 @@ int match_cidr(const char *s1, const char *s2)
else else
return 0; return 0;
rb_inet_pton(aftype, ip, ipptr); if (rb_inet_pton(aftype, ip, ipptr) <= 0)
rb_inet_pton(aftype, ipmask, maskptr); return 0;
if (rb_inet_pton(aftype, ipmask, maskptr) <= 0)
return 0;
if (comp_with_mask(ipptr, maskptr, cidrlen) && match(mask, address)) if (comp_with_mask(ipptr, maskptr, cidrlen) && match(mask, address))
return 1; return 1;
else else