From 6aaf7047297b739377e7d509cb914f32447fb281 Mon Sep 17 00:00:00 2001
From: Attila Molnar <attilamolnar@hush.com>
Date: Mon, 10 Mar 2014 12:17:41 +0100
Subject: Improve detection for non-cidr masks to prevent unwanted matches

Fixes issue #762 reported by @neoinr
---
 src/cidr.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/cidr.cpp')

diff --git a/src/cidr.cpp b/src/cidr.cpp
index 050a3549d..a4a252a48 100644
--- a/src/cidr.cpp
+++ b/src/cidr.cpp
@@ -65,8 +65,14 @@ bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr
 		cidr_copy.assign(cidr_mask);
 	}
 
-	if (cidr_copy.find('/') == std::string::npos)
+	const std::string::size_type per_pos = cidr_copy.rfind('/');
+	if ((per_pos == std::string::npos) || (per_pos == cidr_copy.length()-1)
+		|| (cidr_copy.find_first_not_of("0123456789", per_pos+1) != std::string::npos)
+		|| (cidr_copy.find_first_not_of("0123456789.:") < per_pos))
+	{
+		// The CIDR mask is invalid
 		return false;
+	}
 
 	irc::sockets::sockaddrs addr;
 	irc::sockets::aptosa(address_copy, 0, addr);
-- 
cgit v1.2.3