mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-01 06:55:30 +00:00
Fixed probably with printing masked ip addresses.
Catch bogus mask values.
This commit is contained in:
James Brister
@@ -643,8 +643,13 @@ dns_c_ipmatchelement_print(FILE *fp, int indent,
|
|||||||
|
|
||||||
bits = ipme->u.direct.mask;
|
bits = ipme->u.direct.mask;
|
||||||
if (bits > 0) {
|
if (bits > 0) {
|
||||||
|
isc_uint32_t fam =
|
||||||
|
ipme->u.direct.address.type.sa.sa_family;
|
||||||
|
if ((fam == AF_INET && bits < 32) ||
|
||||||
|
(fam == AF_INET6 && bits < 128)) {
|
||||||
fprintf(fp, "/%d", bits);
|
fprintf(fp, "/%d", bits);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case dns_c_ipmatch_indirect:
|
case dns_c_ipmatch_indirect:
|
||||||
@@ -856,7 +861,7 @@ dns_c_iplist_print(FILE *fp, int indent, dns_c_iplist_t *list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
dns_c_printtabs(fp, indent - 1);
|
dns_c_printtabs(fp, indent - 1);
|
||||||
fprintf(fp, "};\n");
|
fprintf(fp, "}");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -943,6 +948,10 @@ checkmask(isc_sockaddr_t *address, isc_uint32_t bits)
|
|||||||
if (address->type.sa.sa_family == AF_INET) {
|
if (address->type.sa.sa_family == AF_INET) {
|
||||||
isc_uint32_t mask;
|
isc_uint32_t mask;
|
||||||
|
|
||||||
|
if (bits > 32) {
|
||||||
|
return (ISC_R_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
mask = ntohl(0xffffffffU << (32 - bits));
|
mask = ntohl(0xffffffffU << (32 - bits));
|
||||||
|
|
||||||
if ((mask & address->type.sin.sin_addr.s_addr) !=
|
if ((mask & address->type.sin.sin_addr.s_addr) !=
|
||||||
@@ -955,6 +964,10 @@ checkmask(isc_sockaddr_t *address, isc_uint32_t bits)
|
|||||||
unsigned char *addrp;
|
unsigned char *addrp;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
if (bits > 128) {
|
||||||
|
return (ISC_R_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
if (bits2v6mask(&iaddr, bits) != ISC_R_SUCCESS) {
|
if (bits2v6mask(&iaddr, bits) != ISC_R_SUCCESS) {
|
||||||
return (ISC_R_FAILURE);
|
return (ISC_R_FAILURE);
|
||||||
}
|
}
|
||||||
@@ -986,24 +999,24 @@ bits2v6mask(struct in6_addr *addr, isc_uint32_t bits)
|
|||||||
isc_uint32_t bitmask[4];
|
isc_uint32_t bitmask[4];
|
||||||
char addrbuff [ sizeof "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" + 1 ];
|
char addrbuff [ sizeof "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" + 1 ];
|
||||||
|
|
||||||
INSIST(bits < 128);
|
INSIST(bits <= 128);
|
||||||
|
|
||||||
/* Break the 128 bits up into 32-bit sections */
|
/* Break the 128 bits up into 32-bit sections */
|
||||||
bitmask[0] = bitmask[1] = bitmask[2] = bitmask[3] = 0U;
|
bitmask[0] = bitmask[1] = bitmask[2] = bitmask[3] = 0U;
|
||||||
|
|
||||||
if (bits > 32) {
|
if (bits >= 32) {
|
||||||
bitmask[0] = 0xffffffffU;
|
bitmask[0] = 0xffffffffU;
|
||||||
} else if (bits > 0) {
|
} else if (bits > 0) {
|
||||||
bitmask[0] = 0xffffffffU << (32 - bits);
|
bitmask[0] = 0xffffffffU << (32 - bits);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bits > 64) {
|
if (bits >= 64) {
|
||||||
bitmask[1] = 0xffffffffU;
|
bitmask[1] = 0xffffffffU;
|
||||||
} else if (bits > 32) {
|
} else if (bits > 32) {
|
||||||
bitmask[1] = 0xffffffffU << (64 - bits);
|
bitmask[1] = 0xffffffffU << (64 - bits);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bits > 96) {
|
if (bits >= 96) {
|
||||||
bitmask[2] = 0xffffffffU;
|
bitmask[2] = 0xffffffffU;
|
||||||
bitmask[3] = 0xffffffffU << (128 - bits);
|
bitmask[3] = 0xffffffffU << (128 - bits);
|
||||||
} else if (bits > 64) {
|
} else if (bits > 64) {
|
||||||
@@ -1022,7 +1035,7 @@ bits2v6mask(struct in6_addr *addr, isc_uint32_t bits)
|
|||||||
(((bitmask[3] & 0xffff0000U) >> 16) & 0xffffU),
|
(((bitmask[3] & 0xffff0000U) >> 16) & 0xffffU),
|
||||||
(bitmask[3] & 0xffff));
|
(bitmask[3] & 0xffff));
|
||||||
|
|
||||||
i = inet_pton(AF_INET6, addrbuff, &addr);
|
i = inet_pton(AF_INET6, addrbuff, addr);
|
||||||
|
|
||||||
return (i == 1 ? ISC_R_SUCCESS : ISC_R_FAILURE);
|
return (i == 1 ? ISC_R_SUCCESS : ISC_R_FAILURE);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user