DetectAddressParseString(): fix IPv6 address handling 1459/head
authorAlexander Gozman <a.gozman@securitycode.ru>
Mon, 23 Mar 2015 17:06:47 +0000 (20:06 +0300)
committerVictor Julien <victor@inliniac.net>
Wed, 6 May 2015 07:57:01 +0000 (09:57 +0200)
src/detect-engine-address.c

index 8cecf9a0a6c6a112950dc53e3c9c669ca93b7ef0..c105b977d824c15dd73970c5d3d7044f19c9e8c9 100644 (file)
@@ -709,12 +709,16 @@ int DetectAddressParseString(DetectAddress *dd, char *str)
             ip[mask - ip] = '\0';
             mask++;
 
+            int cidr = atoi(mask);
+            if (cidr < 0 || cidr > 128)
+                    goto error;
+
             r = inet_pton(AF_INET6, ip, &in6);
             if (r <= 0)
                 goto error;
             memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
 
-            DetectAddressParseIPv6CIDR(atoi(mask), &mask6);
+            DetectAddressParseIPv6CIDR(cidr, &mask6);
             memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
 
             dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
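Review bot: The added range check on `int cidr = atoi(mask);` still accepts an empty or non-numeric mask, because atoi() returns 0 for input such as `/` or `/abc` and stops silently at trailing junk (`/64x` parses as 64). A typo in a rule then yields a /0 network that matches every IPv6 address instead of a parse error. atoi() also has undefined behavior when the digits do not fit in an int, so the `cidr > 128` test is not dependable for very long digit strings. Parsing with strtol() and checking the end pointer closes both gaps, as sketched below. The added `goto error;` is indented four columns deeper than the neighbouring one, and DetectAddressParseString's body starts and ends outside this hunk, so the int parameter of DetectAddressParseIPv6CIDR is assumed from the old `atoi(mask)` call.

```c
            char *endp = NULL;
            long cidr = strtol(mask, &endp, 10);
            /* reject empty, non-numeric and trailing-junk masks, not only out-of-range ones */
            if (endp == mask || *endp != '\0' || cidr < 0 || cidr > 128)
                goto error;

            /* … unchanged: inet_pton() check and memcpy into ip6addr … */

            DetectAddressParseIPv6CIDR((int)cidr, &mask6);
```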