fix mask '/0' case (David Ahern) (Closes: #147)

author: laforge <laforge> 2004-02-04 09:02:23 +0000
committer: laforge <laforge> 2004-02-04 09:02:23 +0000
commit: 30262fc45bc616ef1613e9cbfa21ff8641b4ff9d (patch)
tree: f43b3f861f0eb490adefdb9008e7fc3016b28f1b /extensions/libipt_connlimit.c
parent: 1b76367d99844bf1bb5ef55bc155ce1119fc17ba (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index c82c6e4..4b61701 100644
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -43,6 +43,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       struct ipt_entry_match **match)
 {
 	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+	int i;
 
 	if (0 == (*flags & 2)) {
 		/* set default mask unless we've already seen a mask option */
@@ -58,7 +59,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		break;
 
 	case '2':
-		info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1])));
+		i = atoi(argv[optind-1]);
+		if ((i < 0) || (i > 32))
+			exit_error(PARAMETER_PROBLEM,
+				"--connlimit-mask must be between 0 and 32");
+
+		if (i == 0)
+			info->mask = 0;
+		else
+			info->mask = htonl(0xFFFFFFFF << (32 - i));
 		*flags |= 2;
 		break;
author	laforge <laforge>	2004-02-04 09:02:23 +0000
committer	laforge <laforge>	2004-02-04 09:02:23 +0000
commit	30262fc45bc616ef1613e9cbfa21ff8641b4ff9d (patch)
tree	f43b3f861f0eb490adefdb9008e7fc3016b28f1b /extensions/libipt_connlimit.c
parent	1b76367d99844bf1bb5ef55bc155ce1119fc17ba (diff)