fix bad shift in conditional netmask ".../0" handling

config conditionals like $HTTP["remoteip"] == "a.b.c.d/0" (or completely
broken netmasks) triggered bad shifts. Matching against "/0" is not very
useful though - it is always true.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2963 152afb58-edef-0310-8abb-c4023f1b3aa9
Stefan Bühler 2014-04-14 16:12:11 +00:00
parent 3605a3bec3
commit f8f3351506
2 changed files with 8 additions and 1 deletions

1
NEWS

@ -5,6 +5,7 @@ NEWS
- 1.4.36
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
* fix bad shift in conditional netmask ".../0" handling
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled


@ -357,6 +357,12 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
return COND_RESULT_FALSE;
}
if (nm_bits > 32 || nm_bits < 0) {
log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: invalid netmask:", dc->string, err);
return COND_RESULT_FALSE;
}
/* take IP convert to the native */
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
#ifdef __WIN32
@ -375,7 +381,7 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
#endif
/* build netmask */
nm = htonl(~((1 << (32 - nm_bits)) - 1));
nm = nm_bits ? htonl(~((1 << (32 - nm_bits)) - 1)) : 0;
if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;
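Review bot: The rewritten mask line still shifts a signed `1`, so for a "/1" netmask `1 << (32 - nm_bits)` becomes `1 << 31`, which is undefined for a 32-bit int, and the following `- 1` overflows as well. The added range check and the `nm_bits ?` guard cover 0 and out-of-range values but not this case; an unsigned literal closes it: `nm = nm_bits ? htonl(~((1u << (32 - nm_bits)) - 1)) : 0;`. Because this mask decides whether a `$HTTP["remoteip"]` condition matches, a test covering the /1, /31 and /32 boundaries would be worth adding alongside the fix. The declaration of `nm_bits` and the rest of config_check_cond_nocache lie outside the hunks shown, so a signed int is assumed here from the `nm_bits < 0` comparison.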