From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Mon, 4 Jan 2016 19:15:50 +0000 (-0500)
Subject: auth: If allow_nets has an invalid value, don't attempt to compare it anymore.
X-Git-Tag: 2.2.22.rc1~384
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f53a1b98d6792a3aa28474fca0901b1de035f8ba;p=thirdparty%2Fdovecot%2Fcore.git

auth: If allow_nets has an invalid value, don't attempt to compare it anymore.

This fixes a potential crash because net_is_in_network() was called with
garbage net_ip.
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 95dfe1e44b..9d9d2274c5 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -1343,10 +1343,8 @@ auth_request_validate_networks(struct auth_request *request,
 		if (net_parse_range(*net, &net_ip, &bits) < 0) {
 			auth_request_log_info(request, AUTH_SUBSYS_DB,
 				"%s: Invalid network '%s'", name, *net);
-		}
-
-		if (remote_ip->family != 0 &&
-		    net_is_in_network(remote_ip, &net_ip, bits)) {
+		} else if (remote_ip->family != 0 &&
+			   net_is_in_network(remote_ip, &net_ip, bits)) {
 			found = TRUE;
 			break;
 		}