/
Bugzilla – Bug 2267
Broken IP subnet matching
Last modified: 2004-09-07 13:32:38 UTC
Address restrictions in the form of Allow aaa.bbb.ccc.ddd/NN act like AllowAll, because of the comparison commented out using #if 0. However, the following "return 1" remained in the code so the comparison is left out and success is returned. I have tried the following modification, which seems to make it work again, at least for IPv4. --- proftpd/src/dirtree.c 1 Nov 2003 07:11:07 -0000 1.125 +++ proftpd/src/dirtree.c 4 Nov 2003 21:18:25 -0000 @@ -1556,10 +1556,14 @@ if (cidr_mode) { /* NOTE: encapsulation breakage note/IPv6 change needed here. */ -#if 0 - if ((cli_addr->s_addr & htonl(cidr_mask)) == cidr_addr.s_addr) -#endif + + if (pr_netaddr_get_family(cli_addr) == AF_INET) { + struct in_addr *cli_in_addr = pr_netaddr_get_inaddr(cli_addr); + if ((cli_in_addr->s_addr & htonl(cidr_mask)) == cidr_addr.s_addr) { return 1; + } + }; + } else { pr_netaddr_t *acl_addr = NULL;
*** Bug 2275 has been marked as a duplicate of this bug. ***
*** Bug 2285 has been marked as a duplicate of this bug. ***
This should hopefully be fixed in the current CVS sources.
Resolved in 1.2.9(?).
No, it got _broken_ in 1.2.9. Currently it's fixed in the CVS only.
Ok, you're correct; I didn't see it in NEWS and was going based on comment dates.
*** Bug 2308 has been marked as a duplicate of this bug. ***
*** Bug 2335 has been marked as a duplicate of this bug. ***
*** Bug 2338 has been marked as a duplicate of this bug. ***
*** Bug 2347 has been marked as a duplicate of this bug. ***
*** Bug 2359 has been marked as a duplicate of this bug. ***
*** Bug 2378 has been marked as a duplicate of this bug. ***
*** Bug 2388 has been marked as a duplicate of this bug. ***
Resolved in 1.2.10rc1.
*** Bug 2479 has been marked as a duplicate of this bug. ***