
  1. --- a/hosts_access.5
  2. +++ b/hosts_access.5
  3. @@ -90,6 +90,9 @@ bitwise AND of the address and the `mask
  4. pattern `131.155.72.0/255.255.254.0' matches every address in the
  5. range `131.155.72.0' through `131.155.73.255'.
  6. .IP \(bu
  7. +An expression of the form `n.n.n.n/m\' is interpreted as a
  8. +`net/prefixlen\' pair, as below, for IPv4 addresses.
  9. +.IP \(bu
  10. A string that begins with a `/' character is treated as a file
  11. name. A host name or address is matched if it matches any host name
  12. or address pattern listed in the named file. The file format is
  13. --- a/tcpd.h
  14. +++ b/tcpd.h
  15. @@ -95,6 +95,7 @@ extern void refuse __P((struct request_i
  16. extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
  17. extern char *split_at __P((char *, int)); /* strchr() and split */
  18. extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
  19. +extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
  20. /* Global variables. */
  21. --- a/misc.c
  22. +++ b/misc.c
  23. @@ -14,6 +14,8 @@ static char sccsic[] = "@(#) misc.c 1.2
  24. #include <arpa/inet.h>
  25. #include <stdio.h>
  26. #include <string.h>
  27. +#include <ctype.h>
  28. +#include <stdlib.h>
  29. #include "tcpd.h"
  30. @@ -85,3 +87,22 @@ char *str;
  31. }
  32. return (runs == 4 ? inet_addr(str) : INADDR_NONE);
  33. }
  34. +
  35. +/* prefix_to_netmask - convert prefix (0-32) to netmask */
  36. +
  37. +unsigned long prefix_to_netmask(str)
  38. +char *str;
  39. +{
  40. + unsigned long prefix;
  41. + char *endptr;
  42. +
  43. + if (!isdigit(str[0]))
  44. + return INADDR_NONE;
  45. +
  46. + prefix = strtoul(str, &endptr, 10);
  47. + if ((endptr == str) || (*endptr != '\0') || (prefix > 32))
  48. + return INADDR_NONE;
  49. +
  50. + return htonl(~0UL << (32 - prefix));
  51. +}
  52. +
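Review bot: The shift on the return line is undefined for a prefix of 0 on any platform where `unsigned long` is 32 bits wide, because `32 - prefix` then equals the width of the type. On common hardware the shift count wraps and the result is probably all-ones, which is INADDR_NONE, so `net/0` would be reported as a bad expression instead of matching every address. Add `if (prefix == 0) return 0;` before the return. Separately, `isdigit(str[0])` receives a plain `char`, which is undefined for negative values; write `isdigit((unsigned char) str[0])`. The caller treats an unparsable pattern as a non-match after logging a warning, so in a deny list a misparsed prefix stops denying, which makes these edge cases worth a regression test.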
  53. --- a/hosts_access.c
  54. +++ b/hosts_access.c
  55. @@ -345,7 +345,12 @@ char *string;
  56. if ((addr = dot_quad_addr(string)) == INADDR_NONE)
  57. return (NO);
  58. if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
  59. - || (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
  60. + || ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
  61. + && strcmp(mask_tok, "255.255.255.255")
  62. + && (mask = prefix_to_netmask(mask_tok)) == INADDR_NONE
  63. + && strcmp(mask_tok, "32"))) {
  64. + /* 255.255.255.255 == INADDR_NONE, separate check needed. TJ. */
  65. + /* 32 == INADDR_NONE, separate check needed. philipp */
  66. tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
  67. return (NO); /* not tcpd_jump() */
  68. }
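Review bot: INADDR_NONE is used in this condition both as the error value and as the legitimate all-ones mask, and the two `strcmp` exceptions only recognise the exact spellings `255.255.255.255` and `32`. A prefix written as `032` is parsed to 32 by prefix_to_netmask, comes back as INADDR_NONE and is then rejected as a bad net/mask expression. It would be more robust to have the helper report failure separately from the mask value (for example a status return with the mask stored through a pointer) than to add a further string comparison for each colliding spelling. The two explanatory comments also sit inside the error block although they describe the condition; they read better as one comment above the `if`, such as `/* INADDR_NONE is also the valid mask for 255.255.255.255 and /32, so those spellings are exempted by string compare. */`. The enclosing function starts and ends outside this hunk.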