Commit efa04ce2 authored by Philip Gladstone's avatar Philip Gladstone

Make ACLs work correctly for streams. Try comparing the addresses in

host order rather than network order.

Originally committed as revision 1597 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent df081b2f
...@@ -165,6 +165,7 @@ enum IPAddressAction { ...@@ -165,6 +165,7 @@ enum IPAddressAction {
typedef struct IPAddressACL { typedef struct IPAddressACL {
struct IPAddressACL *next; struct IPAddressACL *next;
enum IPAddressAction action; enum IPAddressAction action;
/* These are in host order */
struct in_addr first; struct in_addr first;
struct in_addr last; struct in_addr last;
} IPAddressACL; } IPAddressACL;
...@@ -1076,9 +1077,10 @@ static int validate_acl(FFStream *stream, HTTPContext *c) ...@@ -1076,9 +1077,10 @@ static int validate_acl(FFStream *stream, HTTPContext *c)
enum IPAddressAction last_action = IP_DENY; enum IPAddressAction last_action = IP_DENY;
IPAddressACL *acl; IPAddressACL *acl;
struct in_addr *src = &c->from_addr.sin_addr; struct in_addr *src = &c->from_addr.sin_addr;
unsigned long src_addr = ntohl(src->s_addr);
for (acl = stream->acl; acl; acl = acl->next) { for (acl = stream->acl; acl; acl = acl->next) {
if (src->s_addr >= acl->first.s_addr && src->s_addr <= acl->last.s_addr) { if (src_addr >= acl->first.s_addr && src_addr <= acl->last.s_addr) {
return (acl->action == IP_ALLOW) ? 1 : 0; return (acl->action == IP_ALLOW) ? 1 : 0;
} }
last_action = acl->action; last_action = acl->action;
...@@ -4095,7 +4097,7 @@ static int parse_ffconfig(const char *filename) ...@@ -4095,7 +4097,7 @@ static int parse_ffconfig(const char *filename)
errors++; errors++;
} else { } else {
/* Only take the first */ /* Only take the first */
acl.first = *(struct in_addr *) he->h_addr_list[0]; acl.first.s_addr = ntohl(((struct in_addr *) he->h_addr_list[0])->s_addr);
acl.last = acl.first; acl.last = acl.first;
} }
...@@ -4109,7 +4111,7 @@ static int parse_ffconfig(const char *filename) ...@@ -4109,7 +4111,7 @@ static int parse_ffconfig(const char *filename)
errors++; errors++;
} else { } else {
/* Only take the first */ /* Only take the first */
acl.last = *(struct in_addr *) he->h_addr_list[0]; acl.last.s_addr = ntohl(((struct in_addr *) he->h_addr_list[0])->s_addr);
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment