From 1a0dd27b3a59b63d431388c60100d08d422e5ce4 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Mon, 19 Oct 2015 10:40:48 +0200
Subject: [PATCH] Improve validation for CIDR masks

fixes #10375
---
 lib/base/utility.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/base/utility.cpp b/lib/base/utility.cpp
index 4fabe40a3..8be988aaf 100644
--- a/lib/base/utility.cpp
+++ b/lib/base/utility.cpp
@@ -181,17 +181,21 @@ static void ParseIpMask(const String& ip, char mask[16], int *bits)
 if (!ParseIp(uip, mask, &proto))
 BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid IP address specified."));
 
- if (proto == AF_INET)
+ if (proto == AF_INET) {
+ if (*bits > 32 || *bits < 0)
+ BOOST_THROW_EXCEPTION(std::invalid_argument("Mask must be between 0 and 32 for IPv4 CIDR masks."));
+
 *bits += 96;
+ }
 
 if (slashp == String::NPos)
 *bits = 128;
 
 if (*bits > 128 || *bits < 0)
- BOOST_THROW_EXCEPTION(std::invalid_argument("Mask must be between 0 and 128."));
+ BOOST_THROW_EXCEPTION(std::invalid_argument("Mask must be between 0 and 128 for IPv6 CIDR masks."));
 
 for (int i = 0; i < 16; i++) {
- int lbits = *bits - i * 8;
+ int lbits = std::max(0, *bits - i * 8);
 
 if (lbits >= 8)
 continue;
-- 
2.40.0
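Review bot: The new `std::max(0, *bits - i * 8)` clamp has no comment saying why a negative `lbits` must not reach the rest of the loop, and the loop body continues below the hunk, so the reason is not visible here; a line such as `// Clamp to 0: bytes past the prefix would otherwise give a negative bit count.` above it would keep a later cleanup from removing it. `std::max` also needs `<algorithm>`, and the diffstat shows no include added, so the file presumably relies on it being pulled in transitively. Both range checks run on an `int` that was filled above the hunk; if that conversion narrows from a wider type, an oversized mask could wrap into range before it is checked, which is worth confirming. ParseIpMask starts above and ends below the hunk.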