X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fcidr.cpp;h=f45c63b98d6d0461f43efd9a8c4c99f3f4dbf843;hb=e2b0f3dc9ef4d56c71d7abda13e6139ca092e387;hp=040681766a3a640afd0b83a5460de1617ad1c4a9;hpb=b6dbd6caab62bc2c0d11ce5a45d511611eb9c2ef;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/cidr.cpp b/src/cidr.cpp
index 040681766..f45c63b98 100644
--- a/src/cidr.cpp
+++ b/src/cidr.cpp
@@ -1,81 +1,43 @@
-/*       +------------------------------------+
- *       | Inspire Internet Relay Chat Daemon |
- *       +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
  *
- *  InspIRCd: (C) 2002-2009 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ *   Copyright (C) 2019 Sadie Powell <sadie@witchery.services>
+ *   Copyright (C) 2014-2015 Attila Molnar <attilamolnar@hush.com>
+ *   Copyright (C) 2012 Robby <robby@chatbelgie.be>
+ *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
+ *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
+ *   Copyright (C) 2008 Craig Edwards <brain@inspircd.org>
  *
- * This program is free but copyrighted software; see
- *            the file COPYING for details.
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
  *
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-/* $Core */
 
 #include "inspircd.h"
 
-/* Used when comparing CIDR masks for the modulus bits left over.
- * A lot of ircd's seem to do this:
- * ((-1) << (8 - (mask % 8)))
- * But imho, it sucks in comparison to a nice neat lookup table.
- */
-const unsigned char inverted_bits[8] = {	0x00, /* 00000000 - 0 bits - never actually used */
-				0x80, /* 10000000 - 1 bits */
-				0xC0, /* 11000000 - 2 bits */
-				0xE0, /* 11100000 - 3 bits */
-				0xF0, /* 11110000 - 4 bits */
-				0xF8, /* 11111000 - 5 bits */
-				0xFC, /* 11111100 - 6 bits */
-				0xFE  /* 11111110 - 7 bits */
-};
-
-
-/* Match raw bytes using CIDR bit matching, used by higher level MatchCIDR() */
-bool irc::sockets::MatchCIDRBits(const unsigned char* address, const unsigned char* mask, unsigned int mask_bits)
-{
-	unsigned int divisor = mask_bits / 8; /* Number of whole bytes in the mask */
-	unsigned int modulus = mask_bits % 8; /* Remaining bits in the mask after whole bytes are dealt with */
-
-	/* First (this is faster) compare the odd bits with logic ops */
-	if (modulus)
-		if ((address[divisor] & inverted_bits[modulus]) != (mask[divisor] & inverted_bits[modulus]))
-			/* If they dont match, return false */
-			return false;
-
-	/* Secondly (this is slower) compare the whole bytes */
-	if (memcmp(address, mask, divisor))
-		return false;
-
-	/* The address matches the mask, to mask_bits bits of mask */
-	return true;
-}
-
-/* Match CIDR, but dont attempt to match() against leading *!*@ sections */
-bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr_mask)
-{
-	return MatchCIDR(address, cidr_mask, false);
-}
-
 /* Match CIDR strings, e.g. 127.0.0.1 to 127.0.0.0/8 or 3ffe:1:5:6::8 to 3ffe:1::0/32
- * If you have a lot of hosts to match, youre probably better off building your mask once
- * and then using the lower level MatchCIDRBits directly.
  *
  * This will also attempt to match any leading usernames or nicknames on the mask, using
  * match(), when match_with_username is true.
  */
 bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr_mask, bool match_with_username)
 {
-	unsigned char addr_raw[16];
-	unsigned char mask_raw[16];
-	unsigned int bits = 0;
-
 	std::string address_copy;
 	std::string cidr_copy;
 
 	/* The caller is trying to match ident@<mask>/bits.
 	 * Chop off the ident@ portion, use match() on it
-	 * seperately.
+	 * separately.
 	 */
 	if (match_with_username)
 	{
@@ -95,8 +57,8 @@ bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr
 		}
 		else
 		{
-			address_copy = address.substr(username_addr_pos + 1);
-			cidr_copy = cidr_mask.substr(username_mask_pos + 1);
+			address_copy.assign(address, username_addr_pos + 1, std::string::npos);
+			cidr_copy.assign(cidr_mask, username_mask_pos + 1, std::string::npos);
 		}
 	}
 	else
@@ -105,72 +67,24 @@ bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr
 		cidr_copy.assign(cidr_mask);
 	}
 
-	in_addr  address_in4;
-	in_addr  mask_in4;
-
-	std::string::size_type bits_chars = cidr_copy.rfind('/');
-
-	if (bits_chars != std::string::npos)
+	const std::string::size_type per_pos = cidr_copy.rfind('/');
+	if ((per_pos == std::string::npos) || (per_pos == cidr_copy.length()-1)
+		|| (cidr_copy.find_first_not_of("0123456789", per_pos+1) != std::string::npos)
+		|| (cidr_copy.find_first_not_of("0123456789abcdefABCDEF.:") < per_pos))
 	{
-		bits = atoi(cidr_copy.substr(bits_chars + 1).c_str());
-		cidr_copy.erase(bits_chars, cidr_copy.length() - bits_chars);
-	}
-	else
-	{
-		/* No 'number of bits' field! */
+		// The CIDR mask is invalid
 		return false;
 	}
 
-#ifdef SUPPORT_IP6LINKS
-	in6_addr address_in6;
-	in6_addr mask_in6;
-
-	if (inet_pton(AF_INET6, address_copy.c_str(), &address_in6) > 0)
-	{
-		if (inet_pton(AF_INET6, cidr_copy.c_str(), &mask_in6) > 0)
-		{
-			memcpy(&addr_raw, &address_in6.s6_addr, 16);
-			memcpy(&mask_raw, &mask_in6.s6_addr, 16);
-
-			if (bits > 128)
-				bits = 128;
-		}
-		else
-		{
-			/* The address was valid ipv6, but the mask
-			 * that goes with it wasnt.
-			 */
-			return false;
-		}
-	}
-	else
-#endif
-	if (inet_pton(AF_INET, address_copy.c_str(), &address_in4) > 0)
-	{
-		if (inet_pton(AF_INET, cidr_copy.c_str(), &mask_in4) > 0)
-		{
-			memcpy(&addr_raw, &address_in4.s_addr, 4);
-			memcpy(&mask_raw, &mask_in4.s_addr, 4);
-
-			if (bits > 32)
-				bits = 32;
-		}
-		else
-		{
-			/* The address was valid ipv4,
-			 * but the mask that went with it wasnt.
-			 */
-			return false;
-		}
-	}
-	else
+	irc::sockets::sockaddrs addr;
+	if (!irc::sockets::aptosa(address_copy, 0, addr))
 	{
-		/* The address was neither ipv4 or ipv6 */
+		// The address could not be parsed.
 		return false;
 	}
 
-	/* Low-level-match the bits in the raw data */
-	return MatchCIDRBits(addr_raw, mask_raw, bits);
-}
-
+	irc::sockets::cidr_mask mask(cidr_copy);
+	irc::sockets::cidr_mask mask2(addr, mask.length);
 
+	return mask == mask2;
+}