diff --git a/src/3proxy.c b/src/3proxy.c index fb99fb9..76700b1 100644 --- a/src/3proxy.c +++ b/src/3proxy.c @@ -1186,27 +1186,28 @@ int scanipl(unsigned char *arg, struct iplist *dst){ if(dash){ if(!getip46(46, dash+1, (struct sockaddr *)&sa)) return 2; memcpy(&dst->ip_to, SAADDR(&sa), SAADDRLEN(&sa)); + if(*SAFAMILY(&sa) != dst->family || memcmp(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa)) < 0) return 3; return 0; } + memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa)); if(slash){ addrlen = SAADDRLEN(&sa); masklen = atoi(slash+1); - if(masklen >= 0 && masklen<(addrlen*8)){ - int i, nbytes = masklen / 8, nbits = masklen % 8; - - for(i = addrlen; i; i--){ + if(masklen < 0 || masklen > (addrlen*8)) return 4; + else { + int i, nbytes = masklen / 8, nbits = (8 - (masklen % 8)) % 8; + + for(i = addrlen; i>(nbytes + (nbits > 0)); i--){ ((unsigned char *)&dst->ip_from)[i-1] = 0x00; ((unsigned char *)&dst->ip_to)[i-1] = 0xff; } - memcpy(&dst->ip_to, &dst->ip_from, addrlen - i); for(;nbits;nbits--){ - ((unsigned char *)&dst->ip_from)[i-1] &= (0x01<<(nbits-1)); - ((unsigned char *)&dst->ip_to)[i-1] |= (0x01<<(nbits-1)); + ((unsigned char *)&dst->ip_from)[nbytes] &= ~(0x01<<(nbits-1)); + ((unsigned char *)&dst->ip_to)[nbytes] |= (0x01<<(nbits-1)); } return 0; } } - memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa)); return 0; } @@ -1257,7 +1258,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){ } memset(ipl, 0, sizeof(struct iplist)); if (scanipl(arg, ipl)) { - fprintf(stderr, "Invalid IP or CIDR, line %d\n", linenum); + fprintf(stderr, "Invalid IP, IP range or CIDR, line %d\n", linenum); return(NULL); } } while((arg = (unsigned char *)strtok((char *)NULL, ","))); @@ -1315,7 +1316,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){ } memset(ipl, 0, sizeof(struct iplist)); if (scanipl(arg, ipl)) { - fprintf(stderr, "Invalid IP or CIDR, line %d\n", linenum); + fprintf(stderr, "Invalid IP, IP range or CIDR, line %d\n", linenum); return(NULL); } } diff --git a/src/auth.c b/src/auth.c index 2204e04..113f4ce 100644 --- a/src/auth.c +++ b/src/auth.c @@ -313,14 +313,18 @@ int handleredirect(struct clientparam * param, struct ace * acentry){ } int IPInentry(struct sockaddr *sa, struct iplist *ipentry){ - int i, addrlen; + int addrlen; unsigned char *ip, *ipf, *ipt; + + ip = (unsigned char *)SAADDR(sa); ipf = (unsigned char *)&ipentry->ip_from; ipt = (unsigned char *)&ipentry->ip_to; + if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0; addrlen = SAADDRLEN(sa); - for(i=0; iipt[i]) return 0; + + if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0; return 1; } diff --git a/src/common.c b/src/common.c index 5ae3cac..69d1e5f 100644 --- a/src/common.c +++ b/src/common.c @@ -224,7 +224,7 @@ int parsehostname(char *hostname, struct clientparam *param, unsigned short port if(se){ *se = 0; } - if(hostname != param->hostname){ + if(hostname != (char *)param->hostname){ if(param->hostname) myfree(param->hostname); param->hostname = (unsigned char *)mystrdup(hostname + (se!=0)); } diff --git a/src/version.h b/src/version.h index 1ae6423..e426bdc 100644 --- a/src/version.h +++ b/src/version.h @@ -1,2 +1,2 @@ #define VERSION "3proxy-0.8b-devel" -#define BUILDDATE "141213035229" +#define BUILDDATE "141213192542"