From: Alexander Gozman <a.gozman@securitycode.ru>
Date: Mon, 23 Mar 2015 17:06:47 +0000 (+0300)
Subject: DetectAddressParseString(): fix IPv6 address handling
X-Git-Tag: suricata-2.1beta4~95
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=45ba20bcb09e03ca7a69d0d6107e6e4da5f04a60;p=thirdparty%2Fsuricata.git

DetectAddressParseString(): fix IPv6 address handling
---

diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c
index 19b960a79b..31e6a7ab81 100644
--- a/src/detect-engine-address.c
+++ b/src/detect-engine-address.c
@@ -709,12 +709,16 @@ int DetectAddressParseString(DetectAddress *dd, char *str)
             ip[mask - ip] = '\0';
             mask++;
 
+            int cidr = atoi(mask);
+            if (cidr < 0 || cidr > 128)
+                    goto error;
+
             r = inet_pton(AF_INET6, ip, &in6);
             if (r <= 0)
                 goto error;
             memcpy(&ip6addr, &in6.s6_addr, sizeof(ip6addr));
 
-            DetectAddressParseIPv6CIDR(atoi(mask), &mask6);
+            DetectAddressParseIPv6CIDR(cidr, &mask6);
             memcpy(&netmask, &mask6.s6_addr, sizeof(netmask));
 
             dd->ip2.addr_data32[0] = dd->ip.addr_data32[0] = ip6addr[0] & netmask[0];