| Subject: | $cidr_length should be validated in Query.pm |
Sites which have invalid ip4 values are not handled properly.
The IP address is validated, but the CIDR length is not. Here is
a patch which corrects this:
*** Query.pm.orig Sat Dec 31 16:55:11 2005
--- Query.pm Thu Jan 12 11:31:00 2006
***************
*** 1468,1473 ****
--- 1468,1474 ----
my ($network, $cidr_length) = split (/\//, $cidr_spec, 2);
if ($network !~ /^\d+\.\d+\.\d+\.\d+$/) { return ("unknown" => "bad
argument to ip4: $cidr_spec"); }
+ if ($cidr_length !~ /^\d+$/) { return ("unknown" => "bad argument to
ip4: $cidr_spec"); }
$cidr_length = "32" if not defined $cidr_length;