mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-25 11:37:56 +00:00
Tighten IP address check, prevent '..' from being passed
from the check. Submitted by: Ren Zhen <bg1tpt gmail com> MFC after: 2 weeks
This commit is contained in:
parent
01be5be136
commit
cbfaeb5fe3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=169652
@ -122,7 +122,7 @@ static int
|
||||
verifyIP(char *ip, unsigned long *mask, unsigned long *out)
|
||||
{
|
||||
long a, b, c, d;
|
||||
char *endptr;
|
||||
char *endptr, *endptr_prev;
|
||||
|
||||
unsigned long parsedip;
|
||||
unsigned long max_addr = (255 << 24) | (255 << 16) | (255 << 8) | 255;
|
||||
@ -130,16 +130,19 @@ verifyIP(char *ip, unsigned long *mask, unsigned long *out)
|
||||
if (ip == NULL)
|
||||
return 0;
|
||||
a = strtol(ip, &endptr, 10);
|
||||
if (*endptr++ != '.')
|
||||
if (endptr - ip == 0 || *endptr++ != '.')
|
||||
return 0;
|
||||
endptr_prev = endptr;
|
||||
b = strtol(endptr, &endptr, 10);
|
||||
if (*endptr++ != '.')
|
||||
if (endptr - endptr_prev == 0 || *endptr++ != '.')
|
||||
return 0;
|
||||
endptr_prev = endptr;
|
||||
c = strtol(endptr, &endptr, 10);
|
||||
if (*endptr++ != '.')
|
||||
if (endptr - endptr_prev == 0 || *endptr++ != '.')
|
||||
return 0;
|
||||
endptr_prev = endptr;
|
||||
d = strtol(endptr, &endptr, 10);
|
||||
if (*endptr != '\0')
|
||||
if (*endptr != '\0' || endptr - endptr_prev == 0)
|
||||
return 0;
|
||||
if (!_validByte(a) || !_validByte(b) || !_validByte(c) || !_validByte(d))
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user