Package: openvpn-auth-radius / 2.1-9

20_iroute_mask.diff Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
Subject: [PATCH] Fix iroute netmask computation

This rewrites computation of the netmask from CIDR netmask.  It was
previously completely buggy due to using j instead of k.  Using doubles
to store a 32bit value is not really safe, and using masks and shifts
is much simpler actually.

--- a/UserAuth.cpp
    b/UserAuth.cpp
@@ -1492,11  1492,10 @@
 	char framedroutes[4096];
 	char framednetmask_cidr[3]; // ->/24
 	char framednetmask[16]; // ->255.255.255.0
-	char mask_part[6];
 	char framedgw[16];
 	char framedmetric[5]; //what is the biggest metric? 
 	
-	double d1,d2;
 	unsigned long d1,d2;
 	
 	int j=0,k=0;
 	int len=0;
@@ -1601,7  1600,6 @@
 					{
 						j=0;k=0;
 						//set everything back for the next route entry
-						memset(mask_part,0,6);
 						memset(framednetmask_cidr,0,3);
 						memset(framedip,0,16);
 						memset(framednetmask,0,16);
@@ -1673,78  1671,31 @@
 																								
 							//create string for client config file
 							//transform framednetmask_cidr
-							d2=7;
-							d1=0;
 							memset(framednetmask,0,16);
-							if (atoi(framednetmask_cidr)>32)
 							d2=atoi(framednetmask_cidr);
 							if (d2>32)
 							{
 								cerr << getTime() << "RADIUS-PLUGIN: Bad net CIDR netmask.\n";
 							}
 							else
 							{
-								for (k=1; k<=atoi(framednetmask_cidr); k  )
 								if (d2==32)
 								{
-									d1=d1 pow(2,d2);
-									d2--;
-									
-									if (k==8)
-									{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										d2=7;
-										strncat(framednetmask, mask_part, 4);
-										memset(mask_part,0,6);
-									}
-									if(k==16)
-									{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										d2=7;
-										strncat(framednetmask, mask_part, 4);
-										memset(mask_part,0,6);
-									}
-									if(k==24)
-									{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										d2=7;
-										strncat(framednetmask, mask_part, 4);
-										memset(mask_part,0,6);
-									}
 									d1=0xffffffffUL;
 								}
-								if (j<8)
 								else if (d2==0)
 								{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										strncat(framednetmask, mask_part, 4);
-										strncat(framednetmask, "0.0.0", 5);
-										memset(mask_part,0,6);
 									d1=0x00000000UL;
 								}
-								else if (j<16)
 								else
 								{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										strncat(framednetmask, mask_part, 4);
-										strncat(framednetmask, "0.0", 3);
-										memset(mask_part,0,6);
 									d1=((1UL<<d2)-1UL)<<(32-d2);
 								}
-								else if (j<24)
-								{
-										sprintf(mask_part,"%.0lf.", d1);
-										d1=0;
-										strncat(framednetmask, mask_part, 4);
-										strncat(framednetmask, "0", 1);
-										memset(mask_part,0,6);
-								}
-								else if (j>24)
-								{
-										sprintf(mask_part,"%.0lf", d1);
-										d1=0;
-										strncat(framednetmask, mask_part, 4);
-										memset(mask_part,0,6);
-								}
-								
-								
 								snprintf(framednetmask, 16, "%lu.%lu.%lu.%lu",
 										(d1 >> 24) & 0xff,
 										(d1 >> 16) & 0xff,
 										(d1 >>  8) & 0xff,
 										(d1      ) & 0xff);
 							}
 							
 							if (DEBUG (context->getVerbosity()))