From 72730249b38a676da94a1366b54a6e96e6928bcb Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Fri, 28 Aug 2020 03:15:52 +0000 Subject: [PATCH] upstream: Check that the addresses supplied to Match Address and Match LocalAddress are valid when parsing in config-test mode. This will catch address/mask mismatches before they cause problems at runtime. Found by Daniel Stocker, ok djm@ OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b --- servconf.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/servconf.c b/servconf.c index 1bc7ee31a..2ce04cf14 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.368 2020/08/27 01:07:09 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.369 2020/08/28 03:15:52 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1119,6 +1119,9 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) "%.100s' at line %d", ci->host, arg, line); } else if (strcasecmp(attrib, "address") == 0) { if (ci == NULL || (ci->test && ci->address == NULL)) { + if (addr_match_list(NULL, arg) != 0) + fatal("Invalid Match address argument " + "'%s' at line %d", arg, line); result = 0; continue; } @@ -1138,6 +1141,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) } } else if (strcasecmp(attrib, "localaddress") == 0){ if (ci == NULL || (ci->test && ci->laddress == NULL)) { + if (addr_match_list(NULL, arg) != 0) + fatal("Invalid Match localaddress " + "argument '%s' at line %d", arg, + line); result = 0; continue; }