Verify netmask in subnet definitions range-split
authorTobias Brunner <tobias@strongswan.org>
Mon, 20 Aug 2012 11:58:40 +0000 (13:58 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 20 Aug 2012 11:58:40 +0000 (13:58 +0200)
src/libcharon/plugins/stroke/stroke_config.c

index 8689401f5b76bbff9f70f4bb58fcccbf9970030c..fdf6058d397afa4f36b96730d65b07ae8fad030d 100644 (file)
@@ -926,6 +926,14 @@ static void add_ts(private_stroke_config_t *this,
                                net = host_create_from_string(subnet, 0);
                                if (net)
                                {
+                                       int maxbits = net->get_family(net) == AF_INET ? 32 : 128;
+
+                                       if (intbits < 0 || intbits > maxbits)
+                                       {
+                                               DBG1(DBG_CFG, "invalid netmask: %d, changed to %d",
+                                                        intbits, maxbits);
+                                               intbits = maxbits;
+                                       }
                                        ts = traffic_selector_create_from_subnet(net, intbits,
                                                                                                end->protocol, end->port);
                                        child_cfg->add_traffic_selector(child_cfg, local, ts);
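Review bot: The range check at the new `if (intbits < 0 || intbits > maxbits)` line clamps a bad prefix length to the host mask and keeps the entry, so a mistyped `/33` or a negative value silently becomes a single-host traffic selector instead of a rejected configuration line; the DBG1 message records it, but treating it as a config error (dropping that subnet or failing the child config) would be the more conservative choice for a policy definition. If `intbits` is produced by `atoi()` on the text after `/` (the parse is not visible in the hunk), a non-numeric mask such as `/abc` yields 0 and passes this check as a wildcard `/0` selector, so the parse site should also confirm the token was fully numeric, e.g. `strtol()` with an end-pointer check. The check only protects the stroke backend; unless `traffic_selector_create_from_subnet()` validates `netbits` itself, other callers of that constructor remain unchecked and the clamp arguably belongs there. At minimum the intent should be stated on the clamp: `/* out-of-range prefix length: clamp to the host mask, entry is kept */`. add_ts() begins before the hunk and continues after it.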