From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 13 Aug 2012 10:57:41 +0000 (+0200)
Subject: Validate netmask in traffic_selector_create_from_subnet
X-Git-Tag: 5.0.1~208
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=305d98b7806aadfecf5d4ab08e66d212b68f9af1;p=thirdparty%2Fstrongswan.git

Validate netmask in traffic_selector_create_from_subnet

Fixes #216.
---

diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index bc814eadd7..38d4b2d068 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -757,6 +757,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
 	}
 	from = net->get_address(net);
 	memcpy(this->from, from.ptr, from.len);
+	netbits = min(netbits, this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
 	calc_range(this, netbits);
 	if (port)
 	{