fix bad shift in conditional netmask ".../0" handling

config conditionals like $HTTP["remoteip"] == "a.b.c.d/0" (or completely
broken netmasks) triggered bad shifts. Matching against "/0" is not very
useful though - it is always true.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2963 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.36
Stefan Bühler 9 years ago
parent 3605a3bec3
commit f8f3351506
  1. 1
      NEWS
  2. 8
      src/configfile-glue.c

@ -5,6 +5,7 @@ NEWS
- 1.4.36
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
* fix bad shift in conditional netmask ".../0" handling
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled

@ -357,6 +357,12 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
return COND_RESULT_FALSE;
}
if (nm_bits > 32 || nm_bits < 0) {
log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: invalid netmask:", dc->string, err);
return COND_RESULT_FALSE;
}
/* take IP convert to the native */
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
#ifdef __WIN32
@ -375,7 +381,7 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
#endif
/* build netmask */
nm = htonl(~((1 << (32 - nm_bits)) - 1));
nm = nm_bits ? htonl(~((1 << (32 - nm_bits)) - 1)) : 0;
if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;

Loading…
Cancel
Save