From 5e440b4482a1105e9b4e5917ebd4a2f985bac965 Mon Sep 17 00:00:00 2001 From: z3APA3A <3APA3A@3proxy.ru> Date: Wed, 20 Jan 2016 01:04:03 +0300 Subject: [PATCH 1/2] publish as 0.9-devel --- src/version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/version.h b/src/version.h index a22a3c7..c99bd61 100644 --- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ -#define VERSION "3proxy-0.8-pre" -#define BUILDDATE "160113233318" +#define VERSION "3proxy-0.9-devel" +#define BUILDDATE "160120010251" From 359026cb5f3dccd2d8d97a32ea15935ce7a91722 Mon Sep 17 00:00:00 2001 From: z3APA3A <3APA3A@3proxy.ru> Date: Thu, 21 Jan 2016 15:45:39 +0300 Subject: [PATCH 2/2] !!Fix: destination IP may be not checked against ACL --- src/auth.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/auth.c b/src/auth.c index bc31c11..326a4d5 100644 --- a/src/auth.c +++ b/src/auth.c @@ -323,11 +323,13 @@ int IPInentry(struct sockaddr *sa, struct iplist *ipentry){ unsigned char *ip, *ipf, *ipt; + if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0; + ip = (unsigned char *)SAADDR(sa); ipf = (unsigned char *)&ipentry->ip_from; ipt = (unsigned char *)&ipentry->ip_to; - if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0; + addrlen = SAADDRLEN(sa); if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0; @@ -353,7 +355,7 @@ int ACLmatches(struct ace* acentry, struct clientparam * param){ } if(!ipentry) return 0; } - if((acentry->dst && SAISNULL(¶m->req)) || (acentry->dstnames && param->hostname)) { + if((acentry->dst && !SAISNULL(¶m->req)) || (acentry->dstnames && param->hostname)) { for(ipentry = acentry->dst; ipentry; ipentry = ipentry->next) if(IPInentry((struct sockaddr *)¶m->req, ipentry)) { break;