From e3c03dedff0342a6982de37c491b2c2c724988ae Mon Sep 17 00:00:00 2001
From: Alex Dowad <alexinbeijing@gmail.com>
Date: Wed, 16 Apr 2014 21:46:50 +0200
Subject: squark-filter: reject lines with invalid IP addresses

Input lines which contain client IPs with octets > 255 will not be processed.
---
 src/blob.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/blob.c')

diff --git a/src/blob.c b/src/blob.c
index 4ddc156..3abd0c5 100644
--- a/src/blob.c
+++ b/src/blob.c
@@ -192,10 +192,14 @@ void blob_percent_decode(blob_t *blob)
 int blob_pull_inet_addr(blob_t *b, struct in_addr *saddr)
 {
 	unsigned long ip = 0;
+	unsigned int octet;
 	int i;
 
 	for (i = 0; i < 3; i++) {
-		ip += blob_pull_uint(b, 10);
+		octet = blob_pull_uint(b, 10);
+		if (octet > 255)
+			return 0;
+		ip += octet;
 		ip <<= 8;
 		if (!blob_pull_matching(b, BLOB_STR(".")))
 			return 0;
-- 
cgit v1.2.3