From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 13 Aug 2012 11:54:28 +0000 (+0200)
Subject: Validate netmask in mem_pool_create
X-Git-Tag: 5.0.1~207
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a917ac77f357309eb983fd134fe525c19088250;p=thirdparty%2Fstrongswan.git

Validate netmask in mem_pool_create
---

diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
index 8af97dc78a..f55b3a7d1d 100644
--- a/src/libhydra/attributes/mem_pool.c
+++ b/src/libhydra/attributes/mem_pool.c
@@ -480,6 +480,7 @@ mem_pool_t *mem_pool_create(char *name, host_t *base, int bits)
 	if (base)
 	{
 		addr_bits = base->get_family(base) == AF_INET ? 32 : 128;
+		bits = max(0, min(bits, base->get_family(base) == AF_INET ? 32 : 128));
 		/* net bits -> host bits */
 		bits = addr_bits - bits;
 		if (bits > POOL_LIMIT)