Diffstat (limited to 'src')
-rw-r--r--src/modules/m_spanningtree.cpp19
-rw-r--r--src/socket.cpp12
2 files changed, 23 insertions, 8 deletions
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index e98b7b460..91a917b8e 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -3050,13 +3050,20 @@ class TreeSocket : public InspSocket
* IPs for which we don't have a link block.
*/
bool found = false;
- vector<Link>::iterator i;
+
found = (std::find(ValidIPs.begin(), ValidIPs.end(), ip) != ValidIPs.end());
if (!found)
{
- WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
- close(newsock);
- return false;
+ for (vector<std::string>::iterator i = ValidIPs.begin(); i != ValidIPs.end(); i++)
+ if (MatchCIDR(ip, (*i).c_str()))
+ found = true;
+
+ if (!found)
+ {
+ WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+ close(newsock);
+ return false;
+ }
}
TreeSocket* s = new TreeSocket(newsock, ip);
Srv->AddSocket(s);
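Review bot: The CIDR fallback loop inside `if (!found)` has no braces and keeps scanning after a match, and it hands every ValidIPs entry to MatchCIDR, including the plain `ipaddr` values that ReadConfiguration pushes into the same vector. Stopping at the first hit keeps the check cheap and makes the matching entry available: `if (MatchCIDR(ip, (*i).c_str())) { found = true; break; }`. A connection admitted by mask is a wider grant than an exact-IP match, so an oper notice naming the mask that matched would make such links auditable. The enclosing method starts and ends outside the hunk.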
@@ -3345,6 +3352,7 @@ void ReadConfiguration(bool rebind)
for (int j =0; j < Conf->Enumerate("link"); j++)
{
Link L;
+ std::string Allow = Conf->ReadValue("link","allowmask",j);
L.Name = (Conf->ReadValue("link","name",j)).c_str();
L.IPAddr = Conf->ReadValue("link","ipaddr",j);
L.Port = Conf->ReadInteger("link","port",j,true);
@@ -3359,6 +3367,9 @@ void ReadConfiguration(bool rebind)
{
ValidIPs.push_back(L.IPAddr);
+ if (Allow.length())
+ ValidIPs.push_back(Allow);
+
/* Needs resolving */
insp_inaddr binip;
if (insp_aton(L.IPAddr.c_str(), &binip) < 1)
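Review bot: The `allowmask` value read in the previous hunk is pushed into ValidIPs here with only a non-empty check, so a malformed mask or a very short prefix silently widens the inbound server-link filter. Validating it at load time (an address part that parses, a `/` and a prefix length within the family's range) and warning opers when it is rejected or is as broad as `/0` would catch configuration mistakes before they take effect. A comment such as `/* allowmask: CIDR range allowed to connect inbound for this link block */` above the push would document why a second entry is added. The surrounding `if` block and the rest of ReadConfiguration lie outside the hunk.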
diff --git a/src/socket.cpp b/src/socket.cpp
index 993b7e90b..b45322c3d 100644
--- a/src/socket.cpp
+++ b/src/socket.cpp
@@ -45,6 +45,10 @@ bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mas
unsigned int modulus = mask_bits % 8; /* Number of whole bytes in the mask */
unsigned int divisor = mask_bits / 8; /* Remaining bits in the mask after whole bytes are dealt with */
+ /* We shouldnt match anything, /0 is always valid */
+ if (!mask_bits)
+ return true;
+
/* First compare the whole bytes, if they dont match, return false */
if (memcmp(address, mask, divisor))
return false;
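Review bot: The new comment `/* We shouldnt match anything, /0 is always valid */` contradicts the code beneath it, which returns true so that a zero-length prefix matches every address. Something like `/* A /0 mask has no bits to compare, so it matches every address */` says what the early return does. The trailing comments on the `modulus` and `divisor` context lines are also swapped (`mask_bits / 8` is the whole-byte count, `mask_bits % 8` the remaining bits) and could be corrected in the same pass. Since this function now backs the server-link filter, it helps to state in its header comment that `mask_bits == 0` is an allow-all.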
@@ -97,8 +101,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask)
memcpy(&addr_raw, &address_in6.s6_addr, 16);
memcpy(&mask_raw, &mask_in6.s6_addr, 16);
- if (mask > 128)
- mask = 128;
+ if (bits > 128)
+ bits = 128;
}
else
{
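Review bot: Clamping an out-of-range prefix length (`if (bits > 128) bits = 128;` here, and `if (bits > 32) bits = 32;` in the IPv4 branch of the next hunk) turns a typo such as `/200` into a valid host mask instead of rejecting it. With MatchCIDR now gating inbound server links, failing closed is the safer choice: `if (bits > 128) return false;` and likewise for 32. How `bits` is parsed is outside the hunk. If it comes from an unchecked numeric conversion, a non-numeric suffix may yield 0, which after the MatchCIDRBits change matches every address, so that path is worth confirming.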
@@ -115,8 +119,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask)
memcpy(&addr_raw, &address_in4.s_addr, 4);
memcpy(&mask_raw, &mask_in4.s_addr, 4);
- if (mask > 32)
- mask = 32;
+ if (bits > 32)
+ bits = 32;
}
else
{