src: Check range bounds before converting to prefix
authorXiao Liang <shaw.leon@gmail.com>
Mon, 6 Sep 2021 03:06:41 +0000 (11:06 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 6 Sep 2021 20:21:10 +0000 (22:21 +0200)
The lower bound must be the first value of the prefix to be converted.
For example, range "10.0.0.15-10.0.0.240" cannot be converted to
"10.0.0.15/24". Validate it by checking whether the lower bound value has
enough trailing zeros.

Signed-off-by: Xiao Liang <shaw.leon@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink.c

index cbf9d436e6877cd7c0598f7b69f9e5980f6873c4..0fd0b6647643f147463e55063e8645909b9dd1bd 100644 (file)
@@ -1079,12 +1079,15 @@ struct expr *range_expr_to_prefix(struct expr *range)
 
        if (mpz_bitmask_is_prefix(bitmask, len)) {
                prefix_len = mpz_bitmask_to_prefix(bitmask, len);
-               prefix = prefix_expr_alloc(&range->location, expr_get(left),
-                                          prefix_len);
-               mpz_clear(bitmask);
-               expr_free(range);
-
-               return prefix;
+               if (mpz_scan1(left->value, 0) >= len - prefix_len) {
+                       prefix = prefix_expr_alloc(&range->location,
+                                                  expr_get(left),
+                                                  prefix_len);
+                       mpz_clear(bitmask);
+                       expr_free(range);
+
+                       return prefix;
+               }
        }
        mpz_clear(bitmask);