[sr-dev] modules/ipops: matching subnet with mask /0
Michael Furmur
m.furmur at gmail.com
Mon Jul 11 11:35:15 CEST 2016
There is a bug in ipops module related to matching subnet with mask /0
modules/ipops/ipops_mod.c:
> 533 static int w_ip_is_in_subnet(struct sip_msg* _msg, char* _s1,
char* _s2)
> ...
> 538 int netmask = 0;
> ...
> 589 if (netmask == 0)
> 590 {
> 591 if (_compare_ips(string1.s, string1.len, ip1_type,
string2.s, string2.len, ip2_type))
the code above has collision for cases when mask is not specified or
specified as zero.
for example: checking if 127.0.0.1 in 0.0.0.0/0 will give negative
result because of exact ip matching instead of subnet matching
and this is definitely not expected behavior if we speak about CIDR.
the simplest fix is to init 'netmask' variable with -1 and check against
-1 on branching:
> 538 int netmask = -1;
> 589 if (netmask == -1)
please, check and fix
--
Regards
Michael Furmur
More information about the sr-dev
mailing list