From ce9dc19873669c8bc3c420e7c57dde3d48d8e64a Mon Sep 17 00:00:00 2001 From: stilez Date: Thu, 3 Dec 2015 13:42:08 +0000 Subject: data sanitising: ip2long32, ip2ulong, long2ip32 (Resubmit of #1789) Self explanatory. If these functions find themselves trying to convert non-int data (or an x64 int with non-zeros in any bits >32) to dotted IPv4, or non-dotted IPv4 to integer IPv4 values, something's wrong and they shouldn't return a value that looks like they succeeded. --- src/etc/inc/util.inc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'src/etc/inc/util.inc') diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 88d48fa..e9cb7cb 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -427,19 +427,24 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } -/* Convert long int to IP address, truncating to 32-bits. */ +/* Convert long int to IPv4 address + Returns '' if not valid IPv4 (including if any bits >32 are non-zero) */ function long2ip32($ip) { - return long2ip($ip & 0xFFFFFFFF); + return ((is_int($ip) && ($ip >> 32) == 0) ? long2ip($ip & 0xFFFFFFFF) : ''); } -/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +/* Convert IPv4 address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. + Returns '' if not valid IPv4. */ function ip2long32($ip) { - return (ip2long($ip) & 0xFFFFFFFF); + $a = ip2long($ip); + return ($a === False ? '' : $a & 0xFFFFFFFF); } -/* Convert IP address to unsigned long int. */ +/* Convert IPv4 address to unsigned long int. + Returns '' if not valid IPv4. */ function ip2ulong($ip) { - return sprintf("%u", ip2long32($ip)); + $a = ip2long($ip); + return ($a === False ? '' : sprintf("%u", $a & 0xFFFFFFFF)); } /* Find out how many IPs are contained within a given IP range -- cgit v1.1