From 9603306327f07205ac69ea99b8c0666ba9dc8a1d Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck
Date: Thu, 20 May 2010 10:48:39 -0600
Subject: Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459
---
 etc/inc/openvpn.inc | 18 +++++++++---------
 etc/inc/util.inc | 26 ++++++++++++++++++--------
 etc/inc/vpn.inc | 10 +++++-----
 usr/local/www/diag_dhcp_leases.php | 4 ++--
 usr/local/www/diag_states_summary.php | 2 +-
 usr/local/www/firewall_nat_edit.php | 4 ++--
 usr/local/www/firewall_nat_out_edit.php | 6 +++---
 usr/local/www/services_dhcp.php | 20 ++++++++++----------
 usr/local/www/services_dhcp_edit.php | 12 ++++++------
 usr/local/www/vpn_l2tp.php | 8 ++++----
 usr/local/www/vpn_pppoe.php | 8 ++++----
 usr/local/www/vpn_pptp.php | 8 ++++----
 12 files changed, 68 insertions(+), 58 deletions(-)
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 72630e7..3fe4574 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -363,9 +363,9 @@ function openvpn_reconfigure($mode,& $settings) {
 switch($settings['mode']) {
 case 'p2p_tls':
 case 'p2p_shared_key':
- $baselong = ip2long($ip) & ip2long($mask);
- $ip1 = long2ip($baselong + 1);
- $ip2 = long2ip($baselong + 2);
+ $baselong = ip2long32($ip) & ip2long($mask);
+ $ip1 = long2ip32($baselong + 1);
+ $ip2 = long2ip32($baselong + 2);
 $conf .= "ifconfig $ip1 $ip2\n";
 break;
 case 'server_tls':
@@ -463,9 +463,9 @@ function openvpn_reconfigure($mode,& $settings) {
 if (!empty($settings['tunnel_network'])) {
 list($ip, $mask) = explode('/', $settings['tunnel_network']);
 $mask = gen_subnet_mask($mask);
- $baselong = ip2long($ip) & ip2long($mask);
- $ip1 = long2ip($baselong + 1);
- $ip2 = long2ip($baselong + 2);
+ $baselong = ip2long32($ip) & ip2long($mask);
+ $ip1 = long2ip32($baselong + 1);
+ $ip2 = long2ip32($baselong + 2);
 $conf .= "ifconfig $ip2 $ip1\n";
 }
@@ -626,9 +626,9 @@ function openvpn_resync_csc(& $settings) {
 if (!empty($settings['tunnel_network'])) {
 list($ip, $mask) = explode('/', $settings['tunnel_network']);
- $baselong = ip2long($ip) & gen_subnet_mask_long($mask);
- $ip1 = long2ip($baselong + 1);
- $ip2 = long2ip($baselong + 2);
+ $baselong = ip2long32($ip) & gen_subnet_mask_long($mask);
+ $ip1 = long2ip32($baselong + 1);
+ $ip2 = long2ip32($baselong + 2);
 $conf .= "ifconfig-push {$ip1} {$ip2}\n";
 }
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 930f9ac..0828bbf 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -198,7 +198,7 @@ function gen_subnet_max($ipaddr, $bits) {
 if (!is_ipaddr($ipaddr) || !is_numeric($bits))
 return "";
- return long2ip(ip2long($ipaddr) | ~gen_subnet_mask_long($bits));
+ return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits));
 }
 /* returns a subnet mask (long given a bit count) */
@@ -216,9 +216,19 @@ function gen_subnet_mask($bits) {
 return long2ip(gen_subnet_mask_long($bits));
 }
+/* Convert long int to IP address, truncating to 32-bits. */
+function long2ip32($ip) {
+ return long2ip($ip & 0xFFFFFFFF);
+}
+
+/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */
+function ip2long32($ip) {
+ return ( ip2long($ip) & 0xFFFFFFFF );
+}
+
 /* Convert IP address to unsigned long int. */
 function ip2ulong($ip) {
- return sprintf("%u", ip2long($ip));
+ return sprintf("%u", ip2long32($ip));
 }
 /* Find out how many IPs are contained within a given IP range
@@ -246,12 +256,12 @@ function find_smallest_cidr($number) {
 /* Return the previous IP address before the given address */
 function ip_before($ip) {
- return long2ip(ip2long($ip)-1);
+ return long2ip32(ip2long($ip)-1);
 }
 /* Return the next IP address after the given address */
 function ip_after($ip) {
- return long2ip(ip2long($ip)+1);
+ return long2ip32(ip2long($ip)+1);
 }
 /* Return true if the first IP is 'before' the second */
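Review bot: `ip2long32()` hides a parse failure: `ip2long()` returns false for a malformed address, and `false & 0xFFFFFFFF` is 0, so the helper and `ip2ulong()` report 0.0.0.0 instead of an error. The range checks elsewhere in this commit feed `$_POST` and config values through these helpers, so a bad value compares as the lowest possible address rather than being rejected. Either document that callers must pass `is_ipaddr()`-checked input, or test first with `$long = ip2long($ip); if ($long === false) return false;` before masking. The comment on `long2ip32()` could also say that values outside 0..0xFFFFFFFF wrap around, which is what `ip_before()` and `ip_after()` now do at the two ends of the address space.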
@@ -347,7 +357,7 @@ function is_ipaddr($ipaddr) { return false; $ip_long = ip2long($ipaddr); - $ip_reverse = long2ip($ip_long); + $ip_reverse = long2ip32($ip_long); if ($ipaddr == $ip_reverse) return true; @@ -891,9 +901,9 @@ function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) { /* compare two IP addresses */ function ipcmp($a, $b) { - if (ip2long($a) < ip2long($b)) + if (ip_less_than($a, $b)) return -1; - else if (ip2long($a) > ip2long($b)) + else if (ip_greater_than($a, $b)) return 1; else return 0; @@ -902,7 +912,7 @@ function ipcmp($a, $b) { /* return true if $addr is in $subnet, false if not */ function ip_in_subnet($addr,$subnet) { list($ip, $mask) = explode('/', $subnet); - $mask = 0xffffffff << (32 - $mask); + $mask = (0xffffffff << (32 - $mask)) & 0xffffffff; return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask)); } diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index f2343e1..c874a83 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -343,8 +343,8 @@ function vpn_ipsec_configure($ipchg = false) $pool_address = $a_client['pool_address']; $pool_netmask = gen_subnet_mask($a_client['pool_netbits']); - $pool_address = long2ip(ip2long($pool_address)+1); - $pool_size = ~ip2long($pool_netmask) - 2; + $pool_address = long2ip32(ip2long($pool_address)+1); + $pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2; $racoonconf .= "\tpool_size {$pool_size};\n"; $racoonconf .= "\tnetwork4 {$pool_address};\n"; @@ -1012,7 +1012,7 @@ EOD; for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { - $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); + $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); $mpdconf .= << $dhcpifconf) { if(is_array($dhcpifconf['staticmap'])) { 
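Review bot: The prefix length in `ip_in_subnet()` is still used unchecked: when `$subnet` carries no `/`, `list()` leaves `$mask` empty, the shift count becomes 32, and on a 64-bit build the added `& 0xffffffff` reduces the mask to 0, so the function returns true for every address. A prefix above 32 produces a negative shift count. Add `if (!is_numeric($mask) || $mask < 0 || $mask > 32) return false;` right after the `explode()`. A failed `ip2long()` on either side should return false as well, because two failures currently compare as equal.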
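Review bot: `$pool_size` in the vpn.inc hunk at line 343 goes negative for small pools: with `pool_netbits` of 31 or 32 the masked complement is 1 or 0, and subtracting 2 writes `pool_size -1;` or `pool_size -2;` into the racoon configuration. The value should be checked before it is emitted, for example `if ($pool_size < 1)` followed by skipping the pool or reporting an error. Whether `pool_netbits` is already bounded elsewhere is not visible here; vpn_ipsec_configure() starts and ends outside the hunk.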
@@ -345,7 +345,7 @@ foreach ($leases as $data) { } } else { foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { - if (($lip >= ip2long($dhcpifconf['range']['from'])) && ($lip <= ip2long($dhcpifconf['range']['to']))) { + if (($lip >= ip2ulong($dhcpifconf['range']['from'])) && ($lip <= ip2ulong($dhcpifconf['range']['to']))) { $data['if'] = $dhcpif; break; } diff --git a/usr/local/www/diag_states_summary.php b/usr/local/www/diag_states_summary.php index 45600a0..40d064f 100644 --- a/usr/local/www/diag_states_summary.php +++ b/usr/local/www/diag_states_summary.php @@ -99,7 +99,7 @@ if(count($states) > 0) { } function sort_by_ip($a, $b) { - return sprintf("%u", ip2long($a)) < sprintf("%u", ip2long($b)) ? -1 : 1; + return ip2ulong($a) < ip2ulong($b) ? -1 : 1; } function build_port_info($portarr, $proto) { diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 11744ae..d7806b1 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -625,10 +625,10 @@ include("fbegin.inc"); ?> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 483aec1..e5fb88a 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -421,14 +421,14 @@ any) diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index cc3d1e4..b72258f 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -181,7 +181,7 @@ if(is_array($dhcrelaycfg)) { } function is_inrange($test, $start, $end) { - if ( (ip2long($test) < ip2long($end)) && (ip2long($test) > ip2long($start)) ) + if ( (ip2ulong($test) < ip2ulong($end)) && (ip2ulong($test) > ip2ulong($start)) ) return true; else return false; 
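Review bot: `sort_by_ip()` in diag_states_summary.php never returns 0, so two equal addresses are reported as greater in both argument orders and the sort gets an inconsistent comparator. util.inc already provides `ipcmp()`, which this commit moves onto `ip_less_than()` and `ip_greater_than()` and which returns -1, 0 or 1. The body can become `return ipcmp($a, $b);`, assuming those two helpers (defined outside the visible hunks) compare unsigned values.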
@@ -242,15 +242,15 @@ if ($_POST) { if (!$input_errors) { /* make sure the range lies within the current subnet */ - $subnet_start = (ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)); - $subnet_end = (ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))); + $subnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn))); + $subnet_end = ip2ulong(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)))); - if ((ip2long($_POST['range_from']) < $subnet_start) || (ip2long($_POST['range_from']) > $subnet_end) || - (ip2long($_POST['range_to']) < $subnet_start) || (ip2long($_POST['range_to']) > $subnet_end)) { + if ((ip2ulong($_POST['range_from']) < $subnet_start) || (ip2ulong($_POST['range_from']) > $subnet_end) || + (ip2ulong($_POST['range_to']) < $subnet_start) || (ip2ulong($_POST['range_to']) > $subnet_end)) { $input_errors[] = "The specified range lies outside of the current subnet."; } - if (ip2long($_POST['range_from']) > ip2long($_POST['range_to'])) + if (ip2ulong($_POST['range_from']) > ip2ulong($_POST['range_to'])) $input_errors[] = "The range is invalid (first element higher than second element)."; /* make sure that the DHCP Relay isn't enabled on this interface */ @@ -534,15 +534,15 @@ include("head.inc"); Available range - diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php index d44fb9b..86fefe3 100755 --- a/usr/local/www/services_dhcp_edit.php +++ b/usr/local/www/services_dhcp_edit.php 
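Review bot: The range check in the services_dhcp.php hunk at line 242 is inclusive at both ends, so a `range_from` equal to the network address or a `range_to` equal to the broadcast address passes validation; if that is not intended, compare with `<=` against `$subnet_start` and `>=` against `$subnet_end`. The bounds themselves are built by masking raw longs and round-tripping through `long2ip32()` and `ip2ulong()`, where util.inc already has helpers for both: `$subnet_start = ip2ulong(gen_subnet($ifcfgip, $ifcfgsn));` and `$subnet_end = ip2ulong(gen_subnet_max($ifcfgip, $ifcfgsn));`. The same construction appears for `$lansubnet_start` and `$lansubnet_end` in the services_dhcp_edit.php hunk at line 140.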
@@ -140,12 +140,12 @@ if ($_POST) {
 /* make sure it's not within the dynamic subnet */
 if ($_POST['ipaddr']) {
- $dynsubnet_start = ip2long($config['dhcpd'][$if]['range']['from']);
- $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']);
- $lansubnet_start = (ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn));
- $lansubnet_end = (ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn)));
- if ((ip2long($_POST['ipaddr']) < $lansubnet_start) ||
- (ip2long($_POST['ipaddr']) > $lansubnet_end)) {
+ $dynsubnet_start = ip2ulong($config['dhcpd'][$if]['range']['from']);
+ $dynsubnet_end = ip2ulong($config['dhcpd'][$if]['range']['to']);
+ $lansubnet_start = ip2ulong(long2ip32(ip2long($ifcfgip) & gen_subnet_mask_long($ifcfgsn)));
+ $lansubnet_end = ip2ulong(long2ip32(ip2long($ifcfgip) | (~gen_subnet_mask_long($ifcfgsn))));
+ if ((ip2ulong($_POST['ipaddr']) < $lansubnet_start) ||
+ (ip2ulong($_POST['ipaddr']) > $lansubnet_end)) {
 $input_errors[] = "The IP address must lie in the {$ifcfgdescr} subnet.";
 }
 }
diff --git a/usr/local/www/vpn_l2tp.php b/usr/local/www/vpn_l2tp.php
index 025e30f..2b61209 100644
--- a/usr/local/www/vpn_l2tp.php
+++ b/usr/local/www/vpn_l2tp.php
@@ -95,11 +95,11 @@ if ($_POST) {
 if (!$input_errors) {
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']);
- $subnet_start = ip2long($_POST['remoteip']);
- $subnet_end = ip2long($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1;
+ $subnet_start = ip2ulong($_POST['remoteip']);
+ $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1;
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
- (ip2long($_POST['localip']) <= $subnet_end)) {
+ if ((ip2ulong($_POST['localip']) >= $subnet_start) &&
+ (ip2ulong($_POST['localip']) <= $subnet_end)) {
 $input_errors[] = gettext("The specified server address lies in the remote subnet.");
 }
 if ($_POST['localip'] == get_interface_ip("lan")) {
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php
index 7b0cd41..d95302e 100755
--- a/usr/local/www/vpn_pppoe.php
+++ b/usr/local/www/vpn_pppoe.php
@@ -98,11 +98,11 @@ if ($_POST) {
 if (!$input_errors) {
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
- $subnet_start = ip2long($_POST['remoteip']);
- $subnet_end = ip2long($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1;
+ $subnet_start = ip2ulong($_POST['remoteip']);
+ $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1;
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
- (ip2long($_POST['localip']) <= $subnet_end)) {
+ if ((ip2ulong($_POST['localip']) >= $subnet_start) &&
+ (ip2ulong($_POST['localip']) <= $subnet_end)) {
 $input_errors[] = "The specified server address lies in the remote subnet.";
 }
 if ($_POST['localip'] == get_interface_ip("lan")) {
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index 5aae209..1c88670 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -99,11 +99,11 @@ if ($_POST) {
 }
 if (!$input_errors) {
- $subnet_start = ip2long($_POST['remoteip']);
- $subnet_end = ip2long($_POST['remoteip']) + $_POST['n_pptp_units'] - 1;
+ $subnet_start = ip2ulong($_POST['remoteip']);
+ $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_pptp_units'] - 1;
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
- (ip2long($_POST['localip']) <= $subnet_end)) {
+ if ((ip2ulong($_POST['localip']) >= $subnet_start) &&
+ (ip2ulong($_POST['localip']) <= $subnet_end)) {
 $input_errors[] = "The specified server address lies in the remote subnet.";
 }
 // TODO: Should this check be for any local IP address?
-- cgit v1.1
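Review bot: `$subnet_end` in the vpn_pppoe.php hunk adds `$_POST['pppoe_subnet']` to the start address, but that field is the prefix length passed to `gen_subnet()` on the line above, not a count of addresses; the L2TP and PPTP pages add `n_l2tp_units` and `n_pptp_units` at the same place. As written, the overlap test for `localip` appears to cover only as many addresses as the prefix has bits, so a server address inside the remote range can pass. The line should use this page's unit-count field (its name is not visible in the hunk), or take the end of the range from the prefix with `$subnet_end = ip2ulong(gen_subnet_max($_POST['remoteip'], $_POST['pppoe_subnet']));`.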