Both single IP addresses and ranges suffer from an off-by-one error.
The range is inclusive so the end address should not be incremented
by one. Compare how 212.174.194.30/32 is parsed vs. 212.174.194.30
or 212.174.194.30-212.174.194.30.
In cidr2range() we have:
    *start = cidr.addr;
    *end = cidr.addr + (1 << (32 - cidr.bits)) - 1;
so for a /32 address we get start == end which is as expected.
However, the non-CIDR code sets end = end + 1 (or start + 1 for a
single address).
This can cause extra addrs to be blacklisted and also results in a
lot of excess realloc.
Anyone agree or disagree?
- todd
Index: libexec/spamd-setup/spamd-setup.c
===================================================================
RCS file: /cvs/src/libexec/spamd-setup/spamd-setup.c,v
retrieving revision 1.39
diff -u -r1.39 spamd-setup.c
--- libexec/spamd-setup/spamd-setup.c 9 Oct 2014 02:43:43 -0000 1.39
+++ libexec/spamd-setup/spamd-setup.c 12 Jan 2015 18:22:43 -0000
@@ -95,7 +95,7 @@
{
if (b == 0)
return (0);
- return (0xffffffff << (32 - b));
+ return (0xffffffffU << (32 - b));
}
u_int8_t
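Review bot: Only b == 0 is rejected before `0xffffffffU << (32 - b)`, so a b above 32 still reaches the shift with a count outside 0..31, which is undefined; unless every caller already bounds b, reject b > 32 here as well. The U suffix is also not covered by the description of the off-by-one fix, so a line in the commit message saying why it is included would help.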
@@ -213,7 +213,7 @@
if (inet_net_pton(AF_INET, astring2, &end->addr,
sizeof(end->addr)) == -1)
return (0);
- end->addr = ntohl(end->addr) + 1;
+ end->addr = ntohl(end->addr);
if (start > end)
return (0);
} else if (sscanf(buf, "%15[0123456789.]", astring) == 1) {
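Review bot: The context line `if (start > end)` directly after the changed assignment compares the two pointers rather than the addresses, since both start and end are dereferenced with `->` in the lines above it. With end now an inclusive bound, the sanity check should read `if (start->addr > end->addr)`, so that a reversed range is rejected and start == end is accepted.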
@@ -223,7 +223,7 @@
sizeof(start->addr)) == -1)
return (0);
start->addr = ntohl(start->addr);
- end->addr = start->addr + 1;
+ end->addr = start->addr;
} else
return (0);
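Review bot: After `end->addr = start->addr;` nothing in the changed lines records that end is now an inclusive bound. A short comment here and in the range branch saying so, matching cidr2range(), would keep a later change from reintroducing the +1, and it is worth checking whatever consumes start/end for a remaining assumption that end is exclusive.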