From f217370ac76c7e3a0930bbf1f12707b36268694a Mon Sep 17 00:00:00 2001
From: William Metcalf <william.metcalf@gmail.com>
Date: Thu, 29 Oct 2009 17:17:30 -0500
Subject: [PATCH] fixed for invalid netmask being set to 0

---
 src/detect-engine-address.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c
index 66b2c92313..a8c0c427d8 100644
--- a/src/detect-engine-address.c
+++ b/src/detect-engine-address.c
@@ -489,6 +489,10 @@ static int DetectAddressParseString(DetectAddress *dd, char *str) {
                 /* 1.2.3.4/24 format */
 
                 int cidr = atoi(mask);
+                if(cidr < 0 || cidr > 32){
+                    goto error;
+                }
+
                 netmask = CIDRGet(cidr);
             } else {
                 /* 1.2.3.4/255.255.255.0 format */
@@ -3543,6 +3547,28 @@ error:
     DetectAddressFree(c);
     return 0;
 }
+
+int AddressTestParseInvalidMask01 (void) {
+    int result = 1;
+    DetectAddress *dd = NULL;
+    dd = DetectAddressParseSingle("192.168.2.0/33");
+    if (dd != NULL) {
+        DetectAddressFree(dd);
+        result = 0;
+    }
+    return result;
+}
+
+int AddressTestParseInvalidMask02 (void) {
+    int result = 1;
+    DetectAddress *dd = NULL;
+    dd = DetectAddressParseSingle("192.168.2.0/255.255.257.0");
+    if (dd != NULL) {
+        DetectAddressFree(dd);
+        result = 0;
+    }
+    return result;
+}
 #endif /* UNITTESTS */
 
 void DetectAddressTests(void) {
@@ -3666,6 +3692,9 @@ void DetectAddressTests(void) {
     UtRegisterTest("AddressTestCutIPv408", AddressTestCutIPv408, 1);
     UtRegisterTest("AddressTestCutIPv409", AddressTestCutIPv409, 1);
     UtRegisterTest("AddressTestCutIPv410", AddressTestCutIPv410, 1);
+
+    UtRegisterTest("AddressTestParseInvalidMask01",AddressTestParseInvalidMask01, 1);
+    UtRegisterTest("AddressTestParseInvalidMask02",AddressTestParseInvalidMask02, 1);
 #endif /* UNITTESTS */
 }