From 6377b6133ce5cb9d811b2da3a7ba3c1d89f5e293 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 20 Aug 2012 13:58:40 +0200
Subject: [PATCH] Verify netmask in subnet definitions
---
 src/libcharon/plugins/stroke/stroke_config.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 8689401f5b..fdf6058d39 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -926,6 +926,14 @@ static void add_ts(private_stroke_config_t *this,
 net = host_create_from_string(subnet, 0);
 if (net)
 {
+ int maxbits = net->get_family(net) == AF_INET ? 32 : 128;
+
+ if (intbits < 0 || intbits > maxbits)
+ {
+ DBG1(DBG_CFG, "invalid netmask: %d, changed to %d",
+ intbits, maxbits);
+ intbits = maxbits;
+ }
 ts = traffic_selector_create_from_subnet(net, intbits,
 end->protocol, end->port);
 child_cfg->add_traffic_selector(child_cfg, local, ts);
-- 
2.47.2
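Review bot: The new check in add_ts replaces an out-of-range mask with `maxbits` and still installs the traffic selector, so a typo such as /33 on an IPv4 subnet becomes a single-host policy with only a log line, rather than a configuration error the operator has to fix; rejecting the subnet would make the mistake visible. If the clamp is kept, the message should identify the offending entry, for example `DBG1(DBG_CFG, "invalid netmask %d for subnet %s, changed to %d", intbits, subnet, maxbits);`. The conversion that produces `intbits` is outside this hunk; if it is an atoi-style parse, a non-numeric mask would become 0, pass `intbits < 0 || intbits > maxbits`, and yield the widest possible selector, which is worth confirming. add_ts begins and ends outside the hunk.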