From 79b7b7a0ddfdcd7664ca328a41d24fbca75e3e54 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Tue, 1 Mar 2022 12:42:49 +0100
Subject: [PATCH] detect/iponly: validate netmask

Only accept netmask in dotted quad notation if they can be turned into a CIDR. According to rfc 4632, CIDR (compat) netmasks are all that should be used.

Bug: #5168.
---
 src/detect-engine-iponly.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c
index 107f09cc87..ca77b67692 100644
--- a/src/detect-engine-iponly.c
+++ b/src/detect-engine-iponly.c
@@ -228,16 +228,11 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem **pdd, const char *str)
             if (r <= 0) goto error;
-            netmask = in.s_addr;
-            if (netmask != 0) {
-                uint32_t m = netmask;
-                /* Extract cidr netmask */
-                while ((0x01 & m) == 0) {
-                    dd->netmask++;
-                    m = m >> 1;
-                }
-                dd->netmask = 32 - dd->netmask;
-            }
+            int cidr = CIDRFromMask(in.s_addr);
+            if (cidr < 0) goto error;
+
+            dd->netmask = (uint8_t)cidr;
         }
         r = inet_pton(AF_INET, ip, &in);
-- 
2.47.2
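Review bot: The new code relies on CIDRFromMask() interpreting in.s_addr in network byte order and returning a prefix length in 0..32 on success (negative otherwise); neither contract is visible in this hunk, and the `(uint8_t)cidr` cast is only safe under it, so a one-line comment at the call site would help, e.g. `/* in.s_addr is network byte order; CIDRFromMask() yields 0..32, or -1 for a non-contiguous mask */`. One behavioural difference is worth confirming: the removed code left dd->netmask untouched for a 0.0.0.0 mask, whereas the new path assigns whatever CIDRFromMask() returns for it — presumably 0, i.e. a /0 that matches every address — so a rule written with that mask now has a different scope. If that is intended, a regression test pinning 0.0.0.0, 255.255.255.0 and a non-contiguous mask such as 255.0.255.0 (the last now expected to be rejected) would document it. IPOnlyCIDRItemParseSingle() begins and ends outside the hunk, so whether the error label releases dd on the new goto path cannot be checked here.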