upstream: Check that the addresses supplied to Match Address and

Match LocalAddress are valid when parsing in config-test mode.  This will
catch address/mask mismatches before they cause problems at runtime. Found by
Daniel Stocker, ok djm@

OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b

diff --git a/servconf.c b/servconf.c
index 1bc7ee31a1bfdcfce543ebf99b8c6ec4ae1cd756..2ce04cf14031c7f23e3ad2754054cb094c4dbaee 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.368 2020/08/27 01:07:09 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.369 2020/08/28 03:15:52 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1119,6 +1119,9 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                                    "%.100s' at line %d", ci->host, arg, line);
                } else if (strcasecmp(attrib, "address") == 0) {
                        if (ci == NULL || (ci->test && ci->address == NULL)) {
+                               if (addr_match_list(NULL, arg) != 0)
+                                       fatal("Invalid Match address argument "
+                                           "'%s' at line %d", arg, line);
                                result = 0;
                                continue;
                        }
@@ -1138,6 +1141,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
                        }
                } else if (strcasecmp(attrib, "localaddress") == 0){
                        if (ci == NULL || (ci->test && ci->laddress == NULL)) {
+                               if (addr_match_list(NULL, arg) != 0)
+                                       fatal("Invalid Match localaddress "
+                                           "argument '%s' at line %d", arg,
+                                           line);
                                result = 0;
                                continue;
                        }