From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 23 Jan 2014 03:48:49 +0000 (-0700)
Subject: If inet_addr() returns INADDR_NONE, return false instead of iterating
X-Git-Tag: SUDO_1_8_10^2~90
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4c9650f78f7a88e4172e7e4cd5572eb3eea0bba5;p=sudo

If inet_addr() returns INADDR_NONE, return false instead of iterating
through the interfaces looking for a match that will never happen.
---

diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c
index f3995f390..dd92a78ed 100644
--- a/plugins/sudoers/match_addr.c
+++ b/plugins/sudoers/match_addr.c
@@ -66,8 +66,10 @@ addr_matches_if(const char *n)
     } else
 #endif /* HAVE_STRUCT_IN6_ADDR */
     {
-	family = AF_INET;
 	addr.ip4.s_addr = inet_addr(n);
+	if (addr.ip4.s_addr == INADDR_NONE)
+	    debug_return_bool(false);
+	family = AF_INET;
     }
 
     SLIST_FOREACH(ifp, get_interfaces(), entries) {
@@ -118,8 +120,10 @@ addr_matches_if_netmask(const char *n, const char *m)
     else
 #endif /* HAVE_STRUCT_IN6_ADDR */
     {
-	family = AF_INET;
 	addr.ip4.s_addr = inet_addr(n);
+	if (addr.ip4.s_addr == INADDR_NONE)
+	    debug_return_bool(false);
+	family = AF_INET;
     }
 
     if (family == AF_INET) {