summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authormsalle <mischa.salle@gmail.com>2020-01-02 12:18:29 +0100
committerTomáš Mráz <t8m@users.noreply.github.com>2020-01-02 12:18:29 +0100
commit527f158ec3b23b20dda19b46d000c69ed959b168 (patch)
tree09faaf81e892a8560890cade2e1b47483ecab60e /modules
parent1781f0165c6f83601088f47681a05956ad9c21e1 (diff)
pam_access: Fix (IPv6) address prefix size matching
IPv6 address prefix sizes larger than 128 (i.e. not larger or equal to) should be discarded. Additionally, for IPv4 addresses, the largest valid prefix size should be 32. Fixes #161
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_access/pam_access.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 128da01d..b57397be 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -737,7 +737,9 @@ network_netmask_match (pam_handle_t *pamh,
{ /* invalid netmask value */
return NO;
}
- if ((netmask < 0) || (netmask >= 128))
+ if ((netmask < 0)
+ || (addr_type == AF_INET && netmask > 32)
+ || (addr_type == AF_INET6 && netmask > 128))
{ /* netmask value out of range */
return NO;
}