From 359026cb5f3dccd2d8d97a32ea15935ce7a91722 Mon Sep 17 00:00:00 2001
From: z3APA3A <3APA3A@3proxy.ru>
Date: Thu, 21 Jan 2016 15:45:39 +0300
Subject: [PATCH] !!Fix: destination IP may be not checked against ACL

---
 src/auth.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/auth.c b/src/auth.c
index bc31c11..326a4d5 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -323,11 +323,13 @@ int IPInentry(struct sockaddr *sa, struct iplist *ipentry){
 	unsigned char *ip, *ipf, *ipt;
 
 
+	if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;
+
 	ip = (unsigned char *)SAADDR(sa);
 	ipf = (unsigned char *)&ipentry->ip_from;
 	ipt = (unsigned char *)&ipentry->ip_to;
 
-	if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;
+
 	addrlen = SAADDRLEN(sa);
 	
 	if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0;
@@ -353,7 +355,7 @@ int ACLmatches(struct ace* acentry, struct clientparam * param){
 		}
 	 if(!ipentry) return 0;
 	}
-	if((acentry->dst && SAISNULL(&param->req)) || (acentry->dstnames && param->hostname)) {
+	if((acentry->dst && !SAISNULL(&param->req)) || (acentry->dstnames && param->hostname)) {
 	 for(ipentry = acentry->dst; ipentry; ipentry = ipentry->next)
 		if(IPInentry((struct sockaddr *)&param->req, ipentry)) {
 			break;