fix mask '/0' case (David Ahern) (Closes: #147)

author: Harald Welte <laforge@gnumonks.org> 2004-02-04 09:02:23 +0000
committer: Harald Welte <laforge@gnumonks.org> 2004-02-04 09:02:23 +0000
commit: 09603cb48b44d8a8da26d1ca836343a3a0fd9540 (patch)
tree: f43b3f861f0eb490adefdb9008e7fc3016b28f1b
parent: d2979574652b9c1a49bd25c0e927912cab0a3ac5 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/extensions/libipt_connlimit.c b/extensions/libipt_connlimit.c
index c82c6e4d..4b61701b 100644
--- a/extensions/libipt_connlimit.c
+++ b/extensions/libipt_connlimit.c
@@ -43,6 +43,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       struct ipt_entry_match **match)
 {
 	struct ipt_connlimit_info *info = (struct ipt_connlimit_info*)(*match)->data;
+	int i;
 
 	if (0 == (*flags & 2)) {
 		/* set default mask unless we've already seen a mask option */
@@ -58,7 +59,15 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 		break;
 
 	case '2':
-		info->mask = htonl(0xFFFFFFFF << (32 - atoi(argv[optind-1])));
+		i = atoi(argv[optind-1]);
+		if ((i < 0) || (i > 32))
+			exit_error(PARAMETER_PROBLEM,
+				"--connlimit-mask must be between 0 and 32");
+
+		if (i == 0)
+			info->mask = 0;
+		else
+			info->mask = htonl(0xFFFFFFFF << (32 - i));
 		*flags |= 2;
 		break;
author	Harald Welte <laforge@gnumonks.org>	2004-02-04 09:02:23 +0000
committer	Harald Welte <laforge@gnumonks.org>	2004-02-04 09:02:23 +0000
commit	09603cb48b44d8a8da26d1ca836343a3a0fd9540 (patch)
tree	f43b3f861f0eb490adefdb9008e7fc3016b28f1b
parent	d2979574652b9c1a49bd25c0e927912cab0a3ac5 (diff)