From: djm@openbsd.org <djm@openbsd.org>
Date: Fri, 29 Apr 2022 04:55:07 +0000 (+0000)
Subject: upstream: be stricter in which characters will be accepted in
X-Git-Tag: V_9_1_P1~175
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a45615cb172bc827e21ec76750de39dfb30ecc05;p=thirdparty%2Fopenssh-portable.git

upstream: be stricter in which characters will be accepted in

specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok
dtucker@

OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2
---

diff --git a/addr.c b/addr.c
index 1ad10ae0f..abf3e3d97 100644
--- a/addr.c
+++ b/addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: addr.c,v 1.4 2021/10/22 10:51:57 dtucker Exp $ */
+/* $OpenBSD: addr.c,v 1.5 2022/04/29 04:55:07 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -397,7 +397,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
 		*mp = '\0';
 		mp++;
 		masklen = strtoul(mp, &cp, 10);
-		if (*mp == '\0' || *cp != '\0' || masklen > 128)
+		if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128)
 			return -1;
 	}