From 84dc48d1426212ed44f3df3fc88cc64cf0e0f610 Mon Sep 17 00:00:00 2001 From: Daniel Vassdal Date: Sun, 24 Nov 2013 16:46:04 -0800 Subject: Fix OOB error in sa2cidr() --- src/socket.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/socket.cpp b/src/socket.cpp index 6fc7b13f8..a695f8c73 100644 --- a/src/socket.cpp +++ b/src/socket.cpp @@ -264,35 +264,41 @@ bool irc::sockets::sockaddrs::operator==(const irc::sockets::sockaddrs& other) c static void sa2cidr(irc::sockets::cidr_mask& cidr, const irc::sockets::sockaddrs& sa, int range) { const unsigned char* base; + unsigned char target_byte; cidr.type = sa.sa.sa_family; + + memset(cidr.bits, 0, sizeof(cidr.bits)); + if (cidr.type == AF_INET) { + target_byte = sizeof(sa.in4.sin_addr); base = (unsigned char*)&sa.in4.sin_addr; if (range > 32) range = 32; } else if (cidr.type == AF_INET6) { + target_byte = sizeof(sa.in6.sin6_addr); base = (unsigned char*)&sa.in6.sin6_addr; if (range > 128) range = 128; } else { - base = (unsigned char*)""; - range = 0; + cidr.length = 0; + return; } cidr.length = range; unsigned int border = range / 8; unsigned int bitmask = (0xFF00 >> (range & 7)) & 0xFF; - for(unsigned int i=0; i < 16; i++) + for(unsigned int i=0; i < target_byte; i++) { if (i < border) cidr.bits[i] = base[i]; else if (i == border) cidr.bits[i] = base[i] & bitmask; else - cidr.bits[i] = 0; + return; } } -- cgit v1.2.3