upstream: be stricter in which characters will be accepted in

specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok dtucker@ OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2
author: djm@openbsd.org <djm@openbsd.org> 2022-04-29 06:55:07 +0200
committer: Damien Miller <djm@mindrot.org> 2022-05-02 01:20:50 +0200
commit: a45615cb172bc827e21ec76750de39dfb30ecc05 (patch)
tree: f4fcdc00c7e7df0edd87cbaa9ba67b40b0b042a7 /addr.c
parent: Add Mac OS X 12 test target. (diff)
download: openssh-a45615cb172bc827e21ec76750de39dfb30ecc05.tar.xz
openssh-a45615cb172bc827e21ec76750de39dfb30ecc05.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/addr.c b/addr.c
index 1ad10ae0f..abf3e3d97 100644
--- a/addr.c
+++ b/addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: addr.c,v 1.4 2021/10/22 10:51:57 dtucker Exp $ */
+/* $OpenBSD: addr.c,v 1.5 2022/04/29 04:55:07 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -397,7 +397,7 @@ addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
 		*mp = '\0';
 		mp++;
 		masklen = strtoul(mp, &cp, 10);
-		if (*mp == '\0' || *cp != '\0' || masklen > 128)
+		if (*mp < '0' || *mp > '9' || *cp != '\0' || masklen > 128)
 			return -1;
 	}
author	djm@openbsd.org <djm@openbsd.org>	2022-04-29 06:55:07 +0200
committer	Damien Miller <djm@mindrot.org>	2022-05-02 01:20:50 +0200
commit	a45615cb172bc827e21ec76750de39dfb30ecc05 (patch)
tree	f4fcdc00c7e7df0edd87cbaa9ba67b40b0b042a7 /addr.c
parent	Add Mac OS X 12 test target. (diff)
download	openssh-a45615cb172bc827e21ec76750de39dfb30ecc05.tar.xz openssh-a45615cb172bc827e21ec76750de39dfb30ecc05.zip