X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=blobdiff_plain;f=helper.c;h=a58e7aae666f30899a9673f2efbaf7b070b8bdd2;hp=0841cd2f89f2083acff44e5669b5e5ca9c8a7089;hb=e858b20cfc084358c4b42be48d2008a6d62d4705;hpb=7027a83b4c98ddaf94c4621e0ee55020e17779e3

diff --git a/helper.c b/helper.c
index 0841cd2..a58e7aa 100644
--- a/helper.c
+++ b/helper.c
@@ -187,7 +187,7 @@ int main(int argc, const char *const *argv) {
 
       unsigned long thaddr, thmask;
       thaddr= (a1<<24)|(a2<<16)|(a3<<8)|(a4);
-      thmask= 0x0ffffffffUL<<(32-alen);
+      thmask= alen ? 0x0ffffffffUL<<(32-alen) : 0;
       if ((haddr4&thmask) != thaddr) continue;
 
     } else {
@@ -196,30 +196,68 @@ int main(int argc, const char *const *argv) {
       if (!comma) continue;
       *comma++ = '\0';
 
+      char *slash = strchr(fnbuf,'/');
       char *hyphen = strchr(fnbuf,'-');
-      const char *min, *max;
-      if (hyphen) {
-	*hyphen++ = '\0';
-	min = fnbuf;
-	max = hyphen;
+
+      if (slash && hyphen)
+	continue;
+
+      if (slash) {
+	int alen;
+	*slash++ = '\0';
+	nchar = -1;
+	sscanf(slash," %u %n",&alen,&nchar);
+	if (nchar != strlen(slash))
+	  continue;
+	unsigned char thaddr[addrlen_any];
+	if (inet_pton(af,fnbuf,thaddr) != 1)
+	  continue;
+	int pfxlen_remain = alen;
+	int i;
+	for (i=0; i<addrlen_any; i++) {
+	  int pfxlen_thisbyte = pfxlen_remain < 8 ? pfxlen_remain : 8;
+	  pfxlen_remain -= pfxlen_thisbyte;
+	  unsigned mask_thisbyte = 0xff ^ (0xff >> pfxlen_thisbyte);
+	  unsigned thaddr_thisbyte = thaddr[i];
+	  unsigned addr_thisbyte = ((unsigned char*)addr_any)[i];
+	  if ((addr_thisbyte & mask_thisbyte) != thaddr_thisbyte)
+	    goto badline;
+	}
+	if (pfxlen_remain) badline: continue;
+	/* hooray */
       } else {
-	min = fnbuf;
-	max = fnbuf;
+	const char *min, *max;
+	if (hyphen) {
+	  *hyphen++ = '\0';
+	  min = fnbuf;
+	  max = hyphen;
+	} else {
+	  min = fnbuf;
+	  max = fnbuf;
+	}
+	unsigned char minaddr[addrlen_any];
+	unsigned char maxaddr[addrlen_any];
+	if (inet_pton(af,min,minaddr) != 1 ||
+	    inet_pton(af,max,maxaddr) != 1)
+	  continue;
+	if (memcmp(addr_any,minaddr,addrlen_any) < 0 ||
+	    memcmp(addr_any,maxaddr,addrlen_any) > 0)
+	  continue;
       }
-      unsigned char minaddr[addrlen_any];
-      unsigned char maxaddr[addrlen_any];
-      if (inet_pton(af,min,minaddr) != 1 ||
-	  inet_pton(af,max,maxaddr) != 1)
-	continue;
-      if (memcmp(addr_any,minaddr,addrlen_any) < 0 ||
-	  memcmp(addr_any,maxaddr,addrlen_any) > 0)
-	continue;
 
-      nchar = -1;
-      sscanf(comma," %u-%u %n",
-	     &pmin,&pmax,&nchar);
-      if (nchar != strlen(comma))
+      if (nchar = -1,
+	  sscanf(comma," %u-%u %n",
+		 &pmin,&pmax,&nchar),
+	  nchar == strlen(comma)) {
+	/* good */
+      } else if (nchar = -1,
+		 sscanf(comma," %u %n",
+			&pmin,&nchar),
+		 nchar == strlen(comma)) {
+	pmax = pmin;
+      } else {
 	continue;
+      }
 
     }
     if (hport<pmin || hport>pmax) continue;