The following reply was made to PR mod_access/1328; it has been noted by GNATS.
From: Dean Gaudet <[EMAIL PROTECTED]>
To: Christophe Tronche <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: mod_access/1328: Bytes are checked in wrong order for T_IP
allowdeny_type, resulting in <Location> not working for IP mask
Date: Tue, 28 Oct 1997 18:39:50 -0800 (PST)
Give this patch a try please.
Dean
Index: modules/standard/mod_access.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_access.c,v
retrieving revision 1.27
diff -u -r1.27 mod_access.c
--- mod_access.c 1997/10/22 20:30:11 1.27
+++ mod_access.c 1997/10/29 02:34:44
@@ -204,12 +204,14 @@
/* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
int shift;
char *t;
+ int octet;
a->type = T_IP;
/* parse components */
s = where;
a->x.ip.net = 0;
- shift = 0;
+ a->x.ip.mask = 0;
+ shift = 24;
while (*s) {
t = s;
if (!isdigit(*t)) {
@@ -226,11 +228,21 @@
a->type = T_FAIL;
return "invalid ip address";
}
- a->x.ip.net |= atoi(s) << shift;
+ if (shift < 0) {
+ return "invalid ip address, only 4 octets allowed";
+ }
+ octet = atoi(s);
+ if (octet < 0 || octet > 255) {
+ a->type = T_FAIL;
+ return "each octet must be between 0 and 255 inclusive";
+ }
+ a->x.ip.net |= octet << shift;
a->x.ip.mask |= 0xFFUL << shift;
- shift += 8;
s = t;
+ shift -= 8;
}
+ a->x.ip.net = ntohl(a->x.ip.net);
+ a->x.ip.mask = ntohl(a->x.ip.mask);
}
else {
a->type = T_HOST;
