-rw-r--r-- | src/modules/m_spanningtree.cpp | 19 | ||||
-rw-r--r-- | src/socket.cpp | 12 |
2 files changed, 23 insertions, 8 deletions
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index e98b7b460..91a917b8e 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -3050,13 +3050,20 @@ class TreeSocket : public InspSocket
 * IPs for which we don't have a link block.
 */
 bool found = false;
- vector<Link>::iterator i;
+
 found = (std::find(ValidIPs.begin(), ValidIPs.end(), ip) != ValidIPs.end());
 if (!found)
 {
- WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
- close(newsock);
- return false;
+ for (vector<std::string>::iterator i = ValidIPs.begin(); i != ValidIPs.end(); i++)
+ if (MatchCIDR(ip, (*i).c_str()))
+ found = true;
+
+ if (!found)
+ {
+ WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+ close(newsock);
+ return false;
+ }
 }
 TreeSocket* s = new TreeSocket(newsock, ip);
 Srv->AddSocket(s);
@@ -3345,6 +3352,7 @@ void ReadConfiguration(bool rebind)
 for (int j =0; j < Conf->Enumerate("link"); j++)
 {
 Link L;
+ std::string Allow = Conf->ReadValue("link","allowmask",j);
 L.Name = (Conf->ReadValue("link","name",j)).c_str();
 L.IPAddr = Conf->ReadValue("link","ipaddr",j);
 L.Port = Conf->ReadInteger("link","port",j,true);
@@ -3359,6 +3367,9 @@ void ReadConfiguration(bool rebind)
 {
 ValidIPs.push_back(L.IPAddr);

+ if (Allow.length())
+ ValidIPs.push_back(Allow);
+
 /* Needs resolving */
 insp_inaddr binip;
 if (insp_aton(L.IPAddr.c_str(), &binip) < 1)
diff --git a/src/socket.cpp b/src/socket.cpp
index 993b7e90b..b45322c3d 100644
--- a/src/socket.cpp
+++ b/src/socket.cpp
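Review bot: In the new fallback loop of the first src/modules/m_spanningtree.cpp hunk, every ValidIPs entry is handed to MatchCIDR as a mask, including the plain addresses pushed from L.IPAddr, and the loop keeps scanning after a match. How MatchCIDR treats a string with no `/` suffix is not visible in this commit, so confirm it cannot accept more than the exact-address std::find just above it already does. Stopping at the first hit makes the intent explicit: `if (MatchCIDR(ip, i->c_str())) { found = true; break; }`. The denial notice still reads "no link blocks with that IP address"; mentioning allowmask there would help an operator who is diagnosing a refused link. The enclosing function starts and ends outside the hunk.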
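Review bot: The `allowmask` value read in the ReadConfiguration hunk at -3345 is pushed into ValidIPs in the hunk at -3359 after only a non-empty check, so a mistyped or very short prefix widens who may reach the server port without any notice. Together with the src/socket.cpp change in this commit that makes a zero-bit mask match every address, a mask ending in `/0` (or one whose bit count parses as 0, if that is how malformed text is handled; the parser is not visible here) switches the source-address filter off entirely. Consider validating the mask when the configuration is read and reporting a rejected or match-all value through WriteOpers instead of storing it silently. ValidIPs is a single list filled from all link blocks, so the mask is not tied to the link it was written on; a comment such as `/* allowmask widens the accept filter for the whole listener, not only this link */` would record that. The block containing the push starts outside the hunk.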
@@ -45,6 +45,10 @@ bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mas
 unsigned int modulus = mask_bits % 8; /* Number of whole bytes in the mask */
 unsigned int divisor = mask_bits / 8; /* Remaining bits in the mask after whole bytes are dealt with */

+ /* We shouldnt match anything, /0 is always valid */
+ if (!mask_bits)
+ return true;
+
 /* First compare the whole bytes, if they dont match, return false */
 if (memcmp(address, mask, divisor))
 return false;
@@ -97,8 +101,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask)
 memcpy(&addr_raw, &address_in6.s6_addr, 16);
 memcpy(&mask_raw, &mask_in6.s6_addr, 16);

- if (mask > 128)
- mask = 128;
+ if (bits > 128)
+ bits = 128;
 }
 else
 {
@@ -115,8 +119,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask)
 memcpy(&addr_raw, &address_in4.s_addr, 4);
 memcpy(&mask_raw, &mask_in4.s_addr, 4);

- if (mask > 32)
- mask = 32;
+ if (bits > 32)
+ bits = 32;
 }
 else
 { |
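Review bot: The comment on the new early return in MatchCIDRBits contradicts the code: it says "We shouldnt match anything" while `return true` makes a zero-length prefix match every address. Reword it, for example `/* A /0 mask has no bits to compare, so it matches every address */`. Because this commit also starts using the result as an allow-list test for incoming server connections, the function's header comment should state that mask_bits == 0 means match-all. The function body continues outside the hunk.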
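Review bot: The corrected clamps `if (bits > 128)` and `if (bits > 32)` in MatchCIDR (the hunks at -97 and -115) bound the prefix length only from above. The declaration and parsing of `bits` lie outside both hunks; if it is a signed value taken from the text after `/` and is then passed to MatchCIDRBits as the `unsigned int` bit count, a negative number passes the clamp, becomes a very large count, and `memcmp(address, mask, divisor)` would read past the 16-byte and 4-byte buffers. Rejecting out-of-range input is safer than clamping it, e.g. `if (bits < 0 || bits > 128) return false;` with 32 in the IPv4 branch.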