From 83e5941c87893d596232e568e8b5823558e34ee9 Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker <jilles@stack.nl>
Date: Sun, 13 Sep 2015 22:56:14 +0200
Subject: [PATCH] Check CIDR ban IP address for validity.

Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.

Closes #103
---
 src/match.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/match.c b/src/match.c
index d06b7420..1c0a59ae 100644
--- a/src/match.c
+++ b/src/match.c
@@ -397,8 +397,10 @@ int match_ips(const char *s1, const char *s2)
 	else
 		return 0;
 
-	rb_inet_pton(aftype, address, ipptr);
-	rb_inet_pton(aftype, mask, maskptr);
+	if (rb_inet_pton(aftype, address, ipptr) <= 0)
+		return 0;
+	if (rb_inet_pton(aftype, mask, maskptr) <= 0)
+		return 0;
 	if (comp_with_mask(ipptr, maskptr, cidrlen))
 		return 1;
 	else
@@ -471,8 +473,10 @@ int match_cidr(const char *s1, const char *s2)
 	else
 		return 0;
 
-	rb_inet_pton(aftype, ip, ipptr);
-	rb_inet_pton(aftype, ipmask, maskptr);
+	if (rb_inet_pton(aftype, ip, ipptr) <= 0)
+		return 0;
+	if (rb_inet_pton(aftype, ipmask, maskptr) <= 0)
+		return 0;
 	if (comp_with_mask(ipptr, maskptr, cidrlen) && match(mask, address))
 		return 1;
 	else