#599 allow_source_address_group() not matching correctly

ver devel
closed-fixed
nobody
modules (357)
5
2010-03-17
2010-03-04
Anonymous
No

IP address subnet matching does not work properly when using the allow_source_address_group() function from the Permissions module.
The problem comes from /modules_k/permissions/hash.c:568 in function find_group_in_subnet_table().

subnet = ip_addr << table[i].mask;
should be
subnet = htonl(ntohl(ip_addr) >> table[i].mask);

Here is a git diff to fix it:

diff --git a/modules_k/permissions/hash.c b/modules_k/permissions/hash.c
index 7358225..7917d5a 100644
--- a/modules_k/permissions/hash.c
+++ b/modules_k/permissions/hash.c
@@ -565,7 +565,7 @@ int find_group_in_subnet_table(struct subnet* table,

i = 0;
while (i < count) {
- subnet = ip_addr << table[i].mask;
+ subnet = htonl(ntohl(ip_addr) >> table[i].mask); //ip_addr << table[i].mask;
if ((table[i].subnet == subnet) &&
((table[i].port == port) || (table[i].port == 0)))
return table[i].grp;
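Review bot: The right shift in the added line is undefined behaviour in C if table[i].mask can reach 32, the width of a 32-bit ip_addr. An entry covering every address would need that value if mask counts host bits, and nothing in this hunk bounds it, so clamp or special-case it before shifting. The comparison against table[i].subnet also only holds if the insert path stores its key with the same htonl(ntohl(x) >> mask) transform. That code is not in this hunk, so confirm both sides agree. Drop the trailing "//ip_addr << table[i].mask;" comment, since the old expression is already preserved in the history.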

Discussion

  • Patch was applied.

     
    • status: open --> closed-fixed
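The byte-order problem described in the report, as an added example that is not part of the ticket or the project's code. It assumes that mask holds the number of host bits (32 minus the prefix length) and that the stored subnet key is built with the corrected expression; the struct, function names, sample table and port 5060 are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Reduced, hypothetical table entry; field names follow the hunk. */
struct subnet_entry {
    uint32_t grp;
    uint32_t subnet; /* prefix key, network byte order */
    uint32_t mask;   /* ASSUMPTION: host-bit count, 32 - prefix length */
    uint16_t port;   /* 0 matches any port */
};

typedef uint32_t (*key_fn)(uint32_t ip_net, uint32_t mask);

/* Corrected expression: shift in host order, convert back. */
static uint32_t key_fixed(uint32_t ip_net, uint32_t mask) {
    if (mask >= 32) return 0; /* a 32-bit shift by 32 is undefined in C */
    return htonl(ntohl(ip_net) >> mask);
}

/* Expression reported as wrong: shifts the network-order value directly. */
static uint32_t key_original(uint32_t ip_net, uint32_t mask) {
    return ip_net << mask;
}

static int find_group(const struct subnet_entry *t, int count,
                      uint32_t ip_net, uint16_t port, key_fn key) {
    for (int i = 0; i < count; i++)
        if (t[i].subnet == key(ip_net, t[i].mask) &&
            (t[i].port == port || t[i].port == 0))
            return (int)t[i].grp;
    return -1; /* no group matched */
}

/* Constructed sample table: 10.0.16.0/20 -> group 1, any port.
   ASSUMPTION: the stored key uses the corrected expression. */
static int lookup(const char *src_ip, key_fn key) {
    struct subnet_entry table[] = {
        { 1, key_fixed(inet_addr("10.0.16.0"), 12), 12, 0 },
    };
    return find_group(table, 1, inet_addr(src_ip), 5060, key);
}

int main(void) {
    printf("fixed    10.0.17.5 -> %d\n", lookup("10.0.17.5", key_fixed));
    printf("fixed    10.0.32.5 -> %d\n", lookup("10.0.32.5", key_fixed));
    printf("original 10.0.17.5 -> %d\n", lookup("10.0.17.5", key_original));
    return 0;
}
```

With the original expression, a source address inside the configured /20 is not matched to its group, so an address-based permission check built on it gives the wrong answer for legitimate peers.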