← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-security

« back to all changes in this revision

Viewing changes to match.c

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2012-05-15 23:28:04 UTC
  • Revision ID: package-import@ubuntu.com-20120515232804-2rd0d4k222la647h
Tags: 1.7.4p6-1ubuntu2.1
* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

Show diffs side-by-side

added added

removed removed

Lines of Context:
match.c
628
628
        ifp = &interfaces[i];
629
629
        if (ifp->family != family)
630
630
            continue;
631
 
        switch(family) {
 
631
        switch (family) {
632
632
            case AF_INET:
633
633
                if (ifp->addr.ip4.s_addr == addr.ip4.s_addr ||
634
634
                    (ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr)
646
646
                }
647
647
                if (j == sizeof(addr.ip6.s6_addr))
648
648
                    return(TRUE);
 
649
                break;
649
650
#endif
650
651
        }
651
652
    }
707
708
        ifp = &interfaces[i];
708
709
        if (ifp->family != family)
709
710
            continue;
710
 
        switch(family) {
 
711
        switch (family) {
711
712
            case AF_INET:
712
713
                if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
713
714
                    return(TRUE);
 
715
                break;
714
716
#ifdef HAVE_IN6_ADDR
715
717
            case AF_INET6:
716
718
                for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
719
721
                }
720
722
                if (j == sizeof(addr.ip6.s6_addr))
721
723
                    return(TRUE);
 
724
                break;
722
725
#endif /* HAVE_IN6_ADDR */
723
726
        }
724
727
    }