diff options
author | stilez <stilez@users.noreply.github.com> | 2015-12-03 13:42:08 +0000 |
---|---|---|
committer | stilez <stilez@users.noreply.github.com> | 2015-12-03 13:42:08 +0000 |
commit | ce9dc19873669c8bc3c420e7c57dde3d48d8e64a (patch) | |
tree | 62157b338133ba9b5ec021df7678c5d2f1ad65f4 /src/etc | |
parent | ae81c23b3790734db2553d706e2a8925ffcfbfed (diff) | |
download | pfsense-ce9dc19873669c8bc3c420e7c57dde3d48d8e64a.zip pfsense-ce9dc19873669c8bc3c420e7c57dde3d48d8e64a.tar.gz |
data sanitising: ip2long32, ip2ulong, long2ip32 (Resubmit of #1789)
Self explanatory. If these functions find themselves trying to convert non-int data (or an x64 int with non-zeros in any bits >32) to dotted IPv4, or non-dotted IPv4 to integer IPv4 values, something's wrong and they shouldn't return a value that looks like they succeeded.
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/util.inc | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 88d48fa..e9cb7cb 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -427,19 +427,24 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } -/* Convert long int to IP address, truncating to 32-bits. */ +/* Convert long int to IPv4 address + Returns '' if not valid IPv4 (including if any bits >32 are non-zero) */ function long2ip32($ip) { - return long2ip($ip & 0xFFFFFFFF); + return ((is_int($ip) && ($ip >> 32) == 0) ? long2ip($ip & 0xFFFFFFFF) : ''); } -/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +/* Convert IPv4 address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. + Returns '' if not valid IPv4. */ function ip2long32($ip) { - return (ip2long($ip) & 0xFFFFFFFF); + $a = ip2long($ip); + return ($a === False ? '' : $a & 0xFFFFFFFF); } -/* Convert IP address to unsigned long int. */ +/* Convert IPv4 address to unsigned long int. + Returns '' if not valid IPv4. */ function ip2ulong($ip) { - return sprintf("%u", ip2long32($ip)); + $a = ip2long($ip); + return ($a === False ? '' : sprintf("%u", $a & 0xFFFFFFFF)); } /* Find out how many IPs are contained within a given IP range |