Opened 11 years ago

Closed 11 years ago

#265 closed defect (fixed)

Maybe Bug in oscam-config.c

Reported by: alno Owned by:
Priority: critical Component:
Severity: high Keywords:
Cc: Sensitive: no

Description

It looks that the function:
static void chk_iprange(char *value, struct s_ip base)

resolves/stores not more then one IP or range. Only the last IP/Range become respected.

for my understanding there is a "forward" for cip missing in the second part of function:

  memset(cip, 0, sizeof(struct s_ip));
  for (ptr1=strtok(value, ","); ptr1; ptr1=strtok(NULL, ","))
  {
    if( (ptr2=strchr(trim(ptr1), '-')) )
    {
      *ptr2++='\0';
      cip->ip[0]=cs_inet_addr(trim(ptr1));
      cip->ip[1]=cs_inet_addr(trim(ptr2));
    }
    else
      cip->ip[0]=cip->ip[1]=cs_inet_addr(ptr1);
  }

each IP/range becomes assigned to the same position and the previous becomes overwritten.

Change History (4)

comment:1 by alno, 11 years ago

Additional the IP addresses are a bit courios in format 4.3.2.1 instead of 1.2.3.4 Is: in_addr_t cs_inet_addr(char *txt) working properly?

I have marked the Ticket as critical because this function is used for setting the "nocrypt" ranges. To open wrong ranges may be a security risc

comment:2 by alno, 11 years ago

Resolution: invalid
Status: newclosed

Sorry, my fault

comment:3 by alno, 11 years ago

Resolution: invalid
Status: closedreopened

comment:4 by alno, 11 years ago

Resolution: fixed
Status: reopenedclosed

Fixed by Admin in monitor-improvement branch
now this:

allowed = IP address|IP address range[,IP address|IP address  range]...

is possible instead of multiple nocrypt token

Note: See TracTickets for help on using tickets.