DetectAddressParseString(): fix IPv6 address handling
authorAlexander Gozman <a.gozman@securitycode.ru>
Mon, 23 Mar 2015 17:06:47 +0000 (20:06 +0300)
committerVictor Julien <victor@inliniac.net>
Tue, 7 Apr 2015 08:58:53 +0000 (10:58 +0200)
src/detect-engine-address.c

index 19b960a79b942c416080d817f0adbd8e7d5c2c61..31e6a7ab81b7e7ff7c791e15e4504a928a41b5fa 100644 (file)
@@ -709,12 +709,16 @@ int DetectAddressParseString(DetectAddress *dd, char *str)
             ip[mask - ip] = '\0';
             mask++;
 
+            int cidr = atoi(mask);
+            if (cidr < 0 || cidr > 128)
+                    goto error;
+
             r = inet_pton(AF_INET6, ip, &in6);
             if (r <= 0)
                 goto error;
             memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
 
-            DetectAddressParseIPv6CIDR(atoi(mask), &mask6);
+            DetectAddressParseIPv6CIDR(cidr, &mask6);
             memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
 
             dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];
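Review bot: The new range check on `cidr` still depends on `atoi(mask)`, which returns 0 for an empty or non-numeric prefix and ignores trailing characters, so constructed inputs such as `<addr>/` or `<addr>/64x` pass the check; the first presumably yields a /0 mask that covers every IPv6 address instead of failing the rule load. `atoi` also has undefined behaviour when the value does not fit in an int. Parsing with `char *endp; long cidr = strtol(mask, &endp, 10);` and rejecting with `if (endp == mask || *endp != '\0' || cidr < 0 || cidr > 128) goto error;` closes both gaps, because `strtol` saturates on overflow and the range test then catches it; the call would become `DetectAddressParseIPv6CIDR((int)cidr, &mask6);`. As a style point, the added `goto error;` is indented four columns deeper than the existing `goto error;` in this hunk. DetectAddressParseString starts and ends outside the hunk, so whether the IPv4 prefix path shares the same weakness cannot be judged from here.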