From 305d98b7806aadfecf5d4ab08e66d212b68f9af1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 13 Aug 2012 12:57:41 +0200
Subject: [PATCH] Validate netmask in traffic_selector_create_from_subnet

Fixes #216.
---
 src/libstrongswan/selectors/traffic_selector.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
index bc814eadd7..38d4b2d068 100644
--- a/src/libstrongswan/selectors/traffic_selector.c
+++ b/src/libstrongswan/selectors/traffic_selector.c
@@ -757,6 +757,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
 	}
 	from = net->get_address(net);
 	memcpy(this->from, from.ptr, from.len);
+	netbits = min(netbits, this->type == TS_IPV4_ADDR_RANGE ? 32 : 128);
 	calc_range(this, netbits);
 	if (port)
 	{
-- 
2.47.2