[server] fix shift operation bug in SOURCE subnet processing spotted by Coverity

2014-07-26 23:43:48 -04:00 · 2014-07-26 23:43:48 -04:00 · 4fcd5b317a
commit 4fcd5b317a
parent 134f4c6cfb
2 changed files with 35 additions and 1 deletions
--- a/server/access.c
+++ b/server/access.c
@ -354,7 +354,9 @@ add_source_mask(fko_srv_options_t *opts, acc_stanza_t *acc, const char *ip)

        /* Store our mask converted from CIDR to a 32-bit value.
        */
-        if(need_shift)
+        if(mask == 32)
+            new_sle->mask = 0xFFFFFFFF;
+        else if(need_shift && (mask > 0 && mask < 32))
            new_sle->mask = (0xFFFFFFFF << (32 - mask));
        else
            new_sle->mask = mask;
--- a/test/tests/basic_operations.pl
+++ b/test/tests/basic_operations.pl
@ -3033,6 +3033,38 @@
        ],
        'positive_output_matches' => [qr/Missing\smask/],
    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'access SOURCE format (8)',
+        'function' => \&server_conf_files,
+        'fwknopd_cmdline' => $server_rewrite_conf_files,
+        'exec_err' => $YES,
+        'server_access_file' => [
+            'SOURCE     1.1.1.1/0',
+            'KEY        testtest'
+        ],
+        'server_conf_file' => [
+            '### comment line'
+        ],
+        'positive_output_matches' => [qr/Invalid IP mask/],
+    },
+    {
+        'category' => 'basic operations',
+        'subcategory' => 'server',
+        'detail'   => 'access SOURCE format (9)',
+        'function' => \&server_conf_files,
+        'fwknopd_cmdline' => $server_rewrite_conf_files,
+        'exec_err' => $YES,
+        'server_access_file' => [
+            'SOURCE     1.1.1.1/299.255.255.0',
+            'KEY        testtest'
+        ],
+        'server_conf_file' => [
+            '### comment line'
+        ],
+        'positive_output_matches' => [qr/error parsing IP mask/],
+    },

    {
        'category' => 'basic operations',