Bugs item #2963040, was opened at 2010-03-04 04:04
Message generated for change (Comment added) made by miconda
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2963040...

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: modules
Group: ver devel
Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: allow_source_address_group() not matching correctly
Initial Comment:
IP address subnet matching does not work properly when using the allow_source_address_group() function from the Permissions module. The problem comes from /modules_k/permissions/hash.c:568 in function find_group_in_subnet_table().

subnet = ip_addr << table[i].mask;
should be
subnet = htonl(ntohl(ip_addr) >> table[i].mask);
Here is a git diff to fix it:
diff --git a/modules_k/permissions/hash.c b/modules_k/permissions/hash.c index 7358225..7917d5a 100644 --- a/modules_k/permissions/hash.c +++ b/modules_k/permissions/hash.c @@ -565,7 +565,7 @@ int find_group_in_subnet_table(struct subnet* table,
i = 0; while (i < count) { - subnet = ip_addr << table[i].mask; + subnet = htonl(ntohl(ip_addr) >> table[i].mask); //ip_addr << table[i].mask; if ((table[i].subnet == subnet) && ((table[i].port == port) || (table[i].port == 0))) return table[i].grp;
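Review bot: The new line subnet = htonl(ntohl(ip_addr) >> table[i].mask); can only match if table[i].subnet was stored with the same host-order right shift, and this hunk changes the lookup side alone, so the insert path should be checked against it (or changed in the same patch) before this is relied on for source-address matching. A shift whose count equals the width of ip_addr is undefined in C, so if table[i].mask can take that value the expression needs a guard. The trailing //ip_addr << table[i].mask; comment keeps the old expression around as dead code and should be dropped.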
----------------------------------------------------------------------
Comment By: Daniel-Constantin Mierla (miconda)
Date: 2010-03-17 20:41
Message: Patch was applied.
----------------------------------------------------------------------
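The mismatch described in the initial comment, as an added example that is not part of the original thread or the project's code. Only the two shift expressions come from the report; the struct layout, the helper names, and the assumption that the table stores each network as htonl(ntohl(net) >> mask) with mask held as a shift count (32 minus the prefix length) are hypothetical.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the module's subnet table entry. */
struct subnet_entry {
    uint32_t grp;
    uint32_t subnet; /* assumed: htonl(ntohl(net) >> mask) */
    uint32_t mask;   /* assumed: shift count, 32 - prefix length */
    uint16_t port;   /* 0 matches any port, as in the patched condition */
};

/* Constructed helper. prefix_len must be 1..32 so the shift stays below 32. */
static struct subnet_entry make_entry(uint32_t grp, uint32_t net_be,
                                      unsigned prefix_len, uint16_t port)
{
    struct subnet_entry e = { grp, 0, 32u - prefix_len, port };
    e.subnet = htonl(ntohl(net_be) >> e.mask);
    return e;
}

/* Lookup using either the pre-patch or the patched expression. */
static int find_group(const struct subnet_entry *t, size_t n,
                      uint32_t ip_be, uint16_t port, int fixed)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t key = fixed
            ? htonl(ntohl(ip_be) >> t[i].mask)  /* patched expression */
            : ip_be << t[i].mask;               /* pre-patch expression */
        if (t[i].subnet == key && (t[i].port == port || t[i].port == 0))
            return (int)t[i].grp;
    }
    return -1; /* no group matched */
}

/* Constructed sample: 192.168.1.77 checked against 192.168.0.0/20, group 7. */
static int demo(int fixed)
{
    struct subnet_entry e = make_entry(7, inet_addr("192.168.0.0"), 20, 0);
    return find_group(&e, 1, inet_addr("192.168.1.77"), 5060, fixed);
}

int main(void)
{
    printf("pre-patch: %d, patched: %d\n", demo(0), demo(1));
    return 0;
}
```

Under the same storage assumption, the pre-patch expression happens to produce the same key as the patched one on little-endian hosts when the prefix is a multiple of 8 bits, so a test suite that only uses /8, /16 or /24 entries would not catch the defect.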