From 30262fc45bc616ef1613e9cbfa21ff8641b4ff9d Mon Sep 17 00:00:00 2001
From: laforge <laforge>
Date: Wed, 4 Feb 2004 09:02:23 +0000
Subject: fix mask '/0' case (David Ahern) (Closes: #147)

---
 extensions/libipt_connlimit.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'extensions/libipt_connlimit.c')

diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index c82c6e4..4b61701 100644
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -43,6 +43,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       struct ipt_entry_match **match)
 {
 	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+	int i;
 
 	if (0 == (*flags & 2)) {
 		/* set default mask unless we've already seen a mask option */
@@ -58,7 +59,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		break;
 
 	case '2':
-		info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1])));
+		i = atoi(argv[optind-1]);
+		if ((i < 0) || (i > 32))
+			exit_error(PARAMETER_PROBLEM,
+				"--connlimit-mask must be between 0 and 32");
+
+		if (i == 0)
+			info->mask = 0;
+		else
+			info->mask = htonl(0xFFFFFFFF << (32 - i));
 		*flags |= 2;
 		break;
 
-- 
cgit v1.2.3