summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormsalle <mischa.salle@gmail.com>2020-01-02 12:18:29 +0100
committerTomáš Mráz <t8m@users.noreply.github.com>2020-01-02 12:18:29 +0100
commit527f158ec3b23b20dda19b46d000c69ed959b168 (patch)
tree09faaf81e892a8560890cade2e1b47483ecab60e
parent1781f0165c6f83601088f47681a05956ad9c21e1 (diff)
pam_access: Fix (IPv6) address prefix size matching
IPv6 address prefix sizes larger than 128 (i.e. not larger or equal to) should be discarded. Additionally, for IPv4 addresses, the largest valid prefix size should be 32. Fixes #161
-rw-r--r--modules/pam_access/pam_access.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 128da01d..b57397be 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -737,7 +737,9 @@ network_netmask_match (pam_handle_t *pamh,
{ /* invalid netmask value */
return NO;
}
- if ((netmask < 0) || (netmask >= 128))
+ if ((netmask < 0)
+ || (addr_type == AF_INET && netmask > 32)
+ || (addr_type == AF_INET6 && netmask > 128))
{ /* netmask value out of range */
return NO;
}