Disallow "*/maskbits" as an address pattern.

Fixes bug 7484. We've had this bug back in a8eaa79e031ee04d44 in
0.0.2pre14, when we first started allowing address masks.

2 files changed, 5 insertions, 2 deletions

diff --git a/src/common/address.c b/src/common/address.c
index b9f2d93154..be41cc73ac 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -714,6 +714,11 @@ tor_addr_parse_mask_ports(const char *s,
         /* XXXX_IP6 is this really what we want? */
         bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
       }
+      if (any_flag) {
+        log_warn(LD_GENERAL,
+                 "Found bit prefix with wildcard address; rejecting");
+        goto err;
+      }
     } else { /* pick an appropriate mask, as none was given */
       if (any_flag)
         bits = 0;  /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 79ddd95090..7c289c371a 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -646,7 +646,6 @@ test_addr_ip6_helpers(void)
   test_assert(r == -1);
   r=tor_addr_parse_mask_ports("*6",0,&t1, &mask, NULL, NULL);
   test_assert(r == -1);
-#if 0
   /* Try a mask with a wildcard. */
   r=tor_addr_parse_mask_ports("*/16",0,&t1, &mask, NULL, NULL);
   test_assert(r == -1);
@@ -656,7 +655,6 @@ test_addr_ip6_helpers(void)
   r=tor_addr_parse_mask_ports("*6/30",TAPMP_EXTENDED_STAR,
                               &t1, &mask, NULL, NULL);
   test_assert(r == -1);
-#endif
   /* Basic mask tests*/
   r=tor_addr_parse_mask_ports("1.1.2.2/31",0,&t1, &mask, NULL, NULL);
   test_assert(r == AF_INET);