From 8680b42ed62cdd2cfea19c41f1a2e72d0335665c Mon Sep 17 00:00:00 2001
From: Steve Allison
Date: Thu, 21 Feb 2013 13:17:40 +0000
Subject: [PATCH] Add IPv4 sanitation check
---
 defense.php | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/defense.php b/defense.php
index 73a9041..23716a9 100644
--- a/defense.php
+++ b/defense.php
@@ -31,6 +31,17 @@ class defense extends rcube_plugin {
 // Remote client IP address
 private $ipaddr;
+ // Logfile
+ private $logfile = 'defense.log';
+
+ /**
+ * Output text to log file: $this->logfile
+ *
+ * @param string text for log
+ */
+ private function debug($string) {
+ write_log($this->logfile, $this->ipaddr . " # " . $string);
+ }
 /**
 * Check if IP is matched against all IPs in array,
 * including CIDR matches
@@ -43,8 +54,9 @@ class defense extends rcube_plugin {
 foreach ($array as $value) {
 // If no slash '/' then its not a CIDR address and we can just string match
 if ((strpos($value, '/') === false) && (strcmp($ip, $value) == 0)) { return true; }
- if (isIPv6($ip) != isIPv6($value)) { return false; }
- if ((!isIPv6($ip) && ($this->isIPv4inCIDR($ip, $value))) { return true; }
+ if ((isIPv6($ip)) && (!isIPv6($value))) { return false; }
+ if ((isIPv4($value)) && (!isIPv4($ip))) { return false; }
+ if ((isIPv4($ip) && ($this->isIPv4inCIDR($ip, $value))) { return true; }
 if ((isIPv6($ip) && ($this->isIPv6inCIDR($ip, $value))) { return true; }
 }
 return false;
@@ -104,7 +116,15 @@ class defense extends rcube_plugin {
 private function isIPv6($ip) {
 return (((!preg_match('/^[\.\/:0-9a-f]+$/', strtolower($ip))) || (substr_count($ip, ':') < 2)) ? true : false)
 }
-
+ /**
+ * Check string if it is IPv6
+ *
+ * @param string ip address
+ * @return bool
+ */
+ private function isIPv4($ip) {
+ return ((preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?$/', $ip)) ? true : false)
+ }
 /**
 * Constructor, initialization
 *
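Review bot: debug() passes `$string` and `$this->ipaddr` to write_log() unchanged, so a CR or LF in either value would start a forged entry in defense.log; where these values come from is not visible in this hunk, so treat that as a risk to confirm against the callers. Replacing control characters before the call, e.g. `write_log($this->logfile, $this->ipaddr . " # " . preg_replace('/[\x00-\x1f\x7f]/', ' ', $string));`, keeps one event per line. The docblock's `@param string text for log` should also name the parameter: `@param string $string text for log`.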
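Review bot: The added guards `return false` from inside the `foreach`, so the first list entry of the other address family ends the search and later entries are never compared; on a mixed IPv4/IPv6 list a listed address can go unmatched, and `continue` is what a per-entry check needs. The added lines also call `isIPv6()` and `isIPv4()` as plain functions although this class declares them as private methods, so unless global functions of those names exist outside the diff they need `$this->`. The third added line, `if ((isIPv4($ip) && (...))) {`, has one more `(` than `)`, as does the unchanged IPv6 line after it. The enclosing function's signature lies outside the hunk.

```php
// … unchanged: foreach header and exact string match …
// Family mismatch with this entry only: skip it and keep checking the rest of the list.
if ($this->isIPv6($ip) && !$this->isIPv6($value)) { continue; }
if ($this->isIPv4($value) && !$this->isIPv4($ip)) { continue; }
if ($this->isIPv4($ip) && $this->isIPv4inCIDR($ip, $value)) { return true; }
if ($this->isIPv6($ip) && $this->isIPv6inCIDR($ip, $value)) { return true; }
// … unchanged: end of loop, return false …
```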
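Review bot: isIPv4() cannot parse as written, because the added `return (...)` has no terminating `;` (the unchanged isIPv6() above it has the same omission). The pattern also accepts octets above 255 and prefixes up to /99, and `$` without the `D` modifier tolerates a trailing newline, so a constructed value such as 999.1.1.1/64 passes what the commit calls a sanitation check. Validating the address with `filter_var()` and range-checking the prefix closes both gaps. The docblock says "IPv6" and should read "IPv4"; separately, the unchanged isIPv6() appears to return true when its pattern does not match, and the new guards in the matching loop rely on it.

```php
private function isIPv4($ip) {
    // Validate the address and the optional CIDR prefix separately.
    $parts = explode('/', $ip, 2);
    if (isset($parts[1]) && (!ctype_digit($parts[1]) || (int) $parts[1] > 32)) { return false; }
    return filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}
```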