mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

ignore meaningless bits in CIDR and warn about them

Browse Source
This commit is contained in:
Igor Sysoev 2007-08-10 13:13:28 +00:00
parent 7a8e33993a
commit 845f6d553a
5 changed files with 48 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/core/ngx_inet.c
View File

@ -214,7 +214,13 @@ ngx_ptocidr(ngx_str_t *text, void *cidr)
in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m)))); in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m))));
return NGX_OK; if (in_cidr->addr == (in_cidr->addr & in_cidr->mask)) {
return NGX_OK;
}
in_cidr->addr &= in_cidr->mask;
return NGX_DONE;
} }

19
src/event/ngx_event.c
View File

@ -1038,8 +1038,9 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#if (NGX_DEBUG) #if (NGX_DEBUG)
ngx_event_conf_t *ecf = conf; ngx_event_conf_t *ecf = conf;
ngx_event_debug_t *dc; ngx_int_t rc;
ngx_str_t *value; ngx_str_t *value;
ngx_event_debug_t *dc;
struct hostent *h; struct hostent *h;
ngx_inet_cidr_t in_cidr; ngx_inet_cidr_t in_cidr;
@ -1056,13 +1057,21 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (dc->addr != INADDR_NONE) { if (dc->addr != INADDR_NONE) {
dc->mask = 0xffffffff; dc->mask = 0xffffffff;
return NGX_OK; return NGX_CONF_OK;
} }
if (ngx_ptocidr(&value[1], &in_cidr) == NGX_OK) { rc = ngx_ptocidr(&value[1], &in_cidr);
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
rc = NGX_OK;
}
if (rc == NGX_OK) {
dc->mask = in_cidr.mask; dc->mask = in_cidr.mask;
dc->addr = in_cidr.addr; dc->addr = in_cidr.addr;
return NGX_OK; return NGX_CONF_OK;
} }
h = gethostbyname((char *) value[1].data); h = gethostbyname((char *) value[1].data);
@ -1084,7 +1093,7 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#endif #endif
return NGX_OK; return NGX_CONF_OK;
} }

10
src/http/modules/ngx_http_access_module.c
View File

@ -137,6 +137,7 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{ {
ngx_http_access_loc_conf_t *alcf = conf; ngx_http_access_loc_conf_t *alcf = conf;
ngx_int_t rc;
ngx_str_t *value; ngx_str_t *value;
ngx_inet_cidr_t in_cidr; ngx_inet_cidr_t in_cidr;
ngx_http_access_rule_t *rule; ngx_http_access_rule_t *rule;
@ -173,12 +174,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK; return NGX_CONF_OK;
} }
if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { rc = ngx_ptocidr(&value[1], &in_cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]); &value[1]);
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
rule->mask = in_cidr.mask; rule->mask = in_cidr.mask;
rule->addr = in_cidr.addr; rule->addr = in_cidr.addr;

10
src/http/modules/ngx_http_geo_module.c
View File

@ -212,12 +212,20 @@ ngx_http_geo(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
cidrin.mask = 0; cidrin.mask = 0;
} else { } else {
if (ngx_ptocidr(&value[0], &cidrin) == NGX_ERROR) { rc = ngx_ptocidr(&value[0], &cidrin);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[0]); "invalid parameter \"%V\"", &value[0]);
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless",
&value[0]);
}
cidrin.addr = ntohl(cidrin.addr); cidrin.addr = ntohl(cidrin.addr);
cidrin.mask = ntohl(cidrin.mask); cidrin.mask = ntohl(cidrin.mask);
} }

10
src/http/modules/ngx_http_realip_module.c
View File

@ -188,6 +188,7 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{ {
ngx_http_realip_loc_conf_t *rlcf = conf; ngx_http_realip_loc_conf_t *rlcf = conf;
ngx_int_t rc;
ngx_str_t *value; ngx_str_t *value;
ngx_inet_cidr_t in_cidr; ngx_inet_cidr_t in_cidr;
ngx_http_realip_from_t *from; ngx_http_realip_from_t *from;
@ -215,12 +216,19 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK; return NGX_CONF_OK;
} }
if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { rc = ngx_ptocidr(&value[1], &in_cidr);
if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]); &value[1]);
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
if (rc == NGX_DONE) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"low address bits of %V are meaningless", &value[1]);
}
from->mask = in_cidr.mask; from->mask = in_cidr.mask;
from->addr = in_cidr.addr; from->addr = in_cidr.addr;