Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame] | 1 | Upstream-Status: Backport |
| 2 | |
| 3 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5 |
| 4 | --- tcp_wrappers_7.6.orig/hosts_access.5 2003-08-21 03:15:36.000000000 +0200 |
| 5 | +++ tcp_wrappers_7.6/hosts_access.5 2003-08-21 03:15:31.000000000 +0200 |
| 6 | @@ -90,6 +90,10 @@ |
| 7 | pattern `131.155.72.0/255.255.254.0\' matches every address in the |
| 8 | range `131.155.72.0\' through `131.155.73.255\'. |
| 9 | .IP \(bu |
| 10 | +An expression of the form `n.n.n.n/mm' is interpreted as a |
| 11 | +`net/masklength' pair, where `mm' is the number of consecutive `1' |
| 12 | +bits in the netmask applied to the `n.n.n.n' address. |
| 13 | +.IP \(bu |
| 14 | An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a |
| 15 | `[net]/prefixlen\' pair. An IPv6 host address is matched if |
| 16 | `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the |
| 17 | diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c |
| 18 | --- tcp_wrappers_7.6.orig/hosts_access.c 2003-08-21 03:15:36.000000000 +0200 |
| 19 | +++ tcp_wrappers_7.6/hosts_access.c 2003-08-21 03:09:30.000000000 +0200 |
| 20 | @@ -417,7 +417,8 @@ |
| 21 | if ((addr = dot_quad_addr(string)) == INADDR_NONE) |
| 22 | return (NO); |
| 23 | if ((net = dot_quad_addr(net_tok)) == INADDR_NONE |
| 24 | - || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) { |
| 25 | + || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE |
| 26 | + && (mask = cidr_mask_addr(mask_tok)) == 0)) { |
| 27 | #ifndef INET6 |
| 28 | tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok); |
| 29 | #endif |
| 30 | diff -ruN tcp_wrappers_7.6.orig/misc.c tcp_wrappers_7.6/misc.c |
| 31 | --- tcp_wrappers_7.6.orig/misc.c 2003-08-21 03:15:36.000000000 +0200 |
| 32 | +++ tcp_wrappers_7.6/misc.c 2003-08-21 03:09:30.000000000 +0200 |
| 33 | @@ -107,3 +107,17 @@ |
| 34 | } |
| 35 | return (runs == 4 ? inet_addr(str) : INADDR_NONE); |
| 36 | } |
| 37 | + |
| 38 | +/* cidr_mask_addr - convert cidr netmask length to internal form */ |
| 39 | + |
| 40 | +unsigned long cidr_mask_addr(str) |
| 41 | +char *str; |
| 42 | +{ |
| 43 | + int maskbits; |
| 44 | + |
| 45 | + maskbits = atoi(str); |
| 46 | + if (maskbits < 1 || maskbits > 32) |
| 47 | + return (0); |
| 48 | + return htonl(0xFFFFFFFF << (32 - maskbits)); |
| 49 | +} |
| 50 | + |
| 51 | diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c |
| 52 | --- tcp_wrappers_7.6.orig/tcpdchk.c 2003-08-21 03:15:36.000000000 +0200 |
| 53 | +++ tcp_wrappers_7.6/tcpdchk.c 2003-08-21 03:09:30.000000000 +0200 |
| 54 | @@ -497,12 +497,12 @@ |
| 55 | int mask_len; |
| 56 | |
| 57 | if ((dot_quad_addr(pat) == INADDR_NONE |
| 58 | - || dot_quad_addr(mask) == INADDR_NONE) |
| 59 | + || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0) |
| 60 | && (!is_inet6_addr(pat) |
| 61 | || ((mask_len = atoi(mask)) < 0 || mask_len > 128))) |
| 62 | #else |
| 63 | if (dot_quad_addr(pat) == INADDR_NONE |
| 64 | - || dot_quad_addr(mask) == INADDR_NONE) |
| 65 | + || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0) |
| 66 | #endif |
| 67 | tcpd_warn("%s/%s: bad net/mask pattern", pat, mask); |
| 68 | } else if (STR_EQ(pat, "FAIL")) { /* obsolete */ |