authorXiao Liang <shaw.leon@gmail.com>2021-09-06 11:06:41 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2021-09-06 22:21:10 +0200
commitcca4c856301caa8959ac98aac5811130bc19512c (patch)
tree68f9f305e91cf298d02aa02e4e3d5c7f7e36c2c2
parente42551a406b87e8d5c3a790e2bdb04386cafa55a (diff)
src: Check range bounds before converting to prefix
The lower bound must be the first value of the prefix to be converted. For example, range "10.0.0.15-10.0.0.240" cannot be converted to "10.0.0.15/24". Validate it by checking if the lower bound value has enough trailing zeros. Signed-off-by: Xiao Liang <shaw.leon@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/netlink.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/netlink.c b/src/netlink.c
index cbf9d436..0fd0b664 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1079,12 +1079,15 @@ struct expr *range_expr_to_prefix(struct expr *range)
if (mpz_bitmask_is_prefix(bitmask, len)) {
prefix_len = mpz_bitmask_to_prefix(bitmask, len);
- prefix = prefix_expr_alloc(&range->location, expr_get(left),
- prefix_len);
- mpz_clear(bitmask);
- expr_free(range);
-
- return prefix;
+ if (mpz_scan1(left->value, 0) >= len - prefix_len) {
+ prefix = prefix_expr_alloc(&range->location,
+ expr_get(left),
+ prefix_len);
+ mpz_clear(bitmask);
+ expr_free(range);
+
+ return prefix;
+ }
}
mpz_clear(bitmask);
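Review bot: The new guard `mpz_scan1(left->value, 0) >= len - prefix_len` carries no comment, and its behaviour for a zero lower bound rests on a GMP detail that is easy to miss: mpz_scan1() returns the largest mp_bitcnt_t value when no set bit is found, which is what lets a range that starts at 0 (for instance a constructed 0.0.0.0-0.255.255.255) still qualify. I would add above the `if`: `/* lower bound must have all host bits clear; mpz_scan1() yields the max bitcnt for 0, so an all-zero start still passes */`. Because a wrongly widened prefix changes which addresses a rule appears to cover, a regression case for an unaligned range such as the 10.0.0.15-10.0.0.240 example from the commit message would be worth adding; no test change is visible in this diff. range_expr_to_prefix starts before this hunk and continues past it, so the computation of `bitmask` and `len` is not visible here.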