[sr-dev] modules/ipops: matching subnet with mask /0

Daniel-Constantin Mierla miconda at gmail.com
Mon Jul 11 11:55:40 CEST 2016


Hello,

Can you make a pull request on the GitHub project with the patch that you
consider fixes the issue?

  - https://github.com/kamailio/kamailio/pulls

There it is easier to review, as well as to have automatic builds to be sure
no compile issue pops up. Also, the issue is not forgotten, given that the
holiday season is around.

Thanks,
Daniel


On 11/07/16 11:35, Michael Furmur wrote:
> There is a bug in ipops module related to matching subnet with mask /0
>
> modules/ipops/ipops_mod.c:
>> 533 static int w_ip_is_in_subnet(struct sip_msg* _msg, char* _s1, char* _s2)
>> ...
>> 538     int netmask = 0;
>> ...
>> 589     if (netmask == 0)
>> 590     {
>> 591         if (_compare_ips(string1.s, string1.len, ip1_type, string2.s, string2.len, ip2_type))
>
> The code above has a collision for cases when the mask is not specified or
> is specified as zero.
> For example: checking if 127.0.0.1 is in 0.0.0.0/0 will give a negative
> result because of exact IP matching instead of subnet matching,
> and this is definitely not expected behavior if we speak about CIDR.
>
> the simplest fix is to init 'netmask' variable with -1 and check against
> -1 on branching:
>> 538     int netmask = -1;
>> 589     if (netmask == -1)
> please, check and fix
>

-- 
Daniel-Constantin Mierla
http://www.asipto.com - http://www.kamailio.org
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
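
The sentinel collision reported in this thread, reduced to a stand-alone IPv4 check. This is an added example, not code from Kamailio or from either poster; `ip4_in_subnet`, `NO_MASK` and the `no_mask_sentinel` parameter are hypothetical names chosen for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NO_MASK (-1)  /* sentinel meaning: no "/len" suffix was given */

/* Returns 1 if ip is inside net, 0 if not, -1 on parse error.
 * no_mask_sentinel is the "mask absent" marker: 0 reproduces the
 * collision from the report, NO_MASK (-1) is the proposed fix. */
int ip4_in_subnet(const char *ip, const char *net, int no_mask_sentinel)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr a, n;
    int netmask = no_mask_sentinel;
    const char *slash = strchr(net, '/');
    size_t len = slash ? (size_t)(slash - net) : strlen(net);

    if (len >= sizeof(buf)) return -1;
    memcpy(buf, net, len);
    buf[len] = '\0';
    if (slash) {
        char *end;
        long v = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || v < 0 || v > 32) return -1;
        netmask = (int)v;
    }
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, buf, &n) != 1)
        return -1;

    if (netmask == no_mask_sentinel)   /* exact-match branch */
        return a.s_addr == n.s_addr;

    /* A 32-bit shift by 32 is undefined in C, so /0 gets an explicit mask. */
    uint32_t mask = netmask == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - netmask));
    return (a.s_addr & mask) == (n.s_addr & mask);
}

int main(void)
{
    /* Constructed inputs taken from the example in the report. */
    printf("sentinel  0: %d\n", ip4_in_subnet("127.0.0.1", "0.0.0.0/0", 0));
    printf("sentinel -1: %d\n", ip4_in_subnet("127.0.0.1", "0.0.0.0/0", NO_MASK));
    return 0;
}
```

With the sentinel at 0, an explicit `/0` is indistinguishable from "no mask" and falls into exact comparison; with -1 the two cases separate and `/0` matches every address.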



