1Upstream-Status: Backport
2
3diff -ruN tcp_wrappers_7.6.orig/hosts_access.5 tcp_wrappers_7.6/hosts_access.5
4--- tcp_wrappers_7.6.orig/hosts_access.5	2003-08-21 03:15:36.000000000 +0200
5+++ tcp_wrappers_7.6/hosts_access.5	2003-08-21 03:15:31.000000000 +0200
6@@ -90,6 +90,10 @@
7 pattern `131.155.72.0/255.255.254.0\' matches every address in the
8 range `131.155.72.0\' through `131.155.73.255\'.
9 .IP \(bu
10+An expression of the form `n.n.n.n/mm' is interpreted as a
11+`net/masklength' pair, where `mm' is the number of consecutive `1'
12+bits in the netmask applied to the `n.n.n.n' address.
13+.IP \(bu
14 An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
15 `[net]/prefixlen\' pair. An IPv6 host address is matched if
16 `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
17diff -ruN tcp_wrappers_7.6.orig/hosts_access.c tcp_wrappers_7.6/hosts_access.c
18--- tcp_wrappers_7.6.orig/hosts_access.c	2003-08-21 03:15:36.000000000 +0200
19+++ tcp_wrappers_7.6/hosts_access.c	2003-08-21 03:09:30.000000000 +0200
20@@ -417,7 +417,8 @@
21     if ((addr = dot_quad_addr(string)) == INADDR_NONE)
22 	return (NO);
23     if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
24-	|| (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
25+	|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
26+	    && (mask = cidr_mask_addr(mask_tok)) == 0)) {
27 #ifndef INET6
28 	tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
29 #endif
30diff -ruN tcp_wrappers_7.6.orig/misc.c tcp_wrappers_7.6/misc.c
31--- tcp_wrappers_7.6.orig/misc.c	2003-08-21 03:15:36.000000000 +0200
32+++ tcp_wrappers_7.6/misc.c	2003-08-21 03:09:30.000000000 +0200
33@@ -107,3 +107,17 @@
34     }
35     return (runs == 4 ? inet_addr(str) : INADDR_NONE);
36 }
37+
38+/* cidr_mask_addr - convert cidr netmask length to internal form */
39+
40+unsigned long cidr_mask_addr(str)
41+char   *str;
42+{
43+    int     maskbits;
44+
45+    maskbits = atoi(str);
46+    if (maskbits < 1 || maskbits > 32)
47+	return (0);
48+    return htonl(0xFFFFFFFF << (32 - maskbits));
49+}
50+
51diff -ruN tcp_wrappers_7.6.orig/tcpdchk.c tcp_wrappers_7.6/tcpdchk.c
52--- tcp_wrappers_7.6.orig/tcpdchk.c	2003-08-21 03:15:36.000000000 +0200
53+++ tcp_wrappers_7.6/tcpdchk.c	2003-08-21 03:09:30.000000000 +0200
54@@ -497,12 +497,12 @@
55 	int mask_len;
56
57 	if ((dot_quad_addr(pat) == INADDR_NONE
58-	    || dot_quad_addr(mask) == INADDR_NONE)
59+	    || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0)
60 	    && (!is_inet6_addr(pat)
61 		|| ((mask_len = atoi(mask)) < 0 || mask_len > 128)))
62 #else
63 	if (dot_quad_addr(pat) == INADDR_NONE
64-	    || dot_quad_addr(mask) == INADDR_NONE)
65+	    || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0)
66 #endif
67 	    tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
68     } else if (STR_EQ(pat, "FAIL")) {		/* obsolete */
69