pppd: Fix auth_number() to handle wildcards correctly

Previously auth_number treated all entries in the permitted_numbers
list as if they were wildcards, i.e., as ending in '*', even if there
was no '*'.  This fixes it to only treat entries ending in '*' as
wildcards; without the '*', remote_number has to match the whole entry
exactly.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

diff --git a/pppd/auth.c b/pppd/auth.c
index ecd30badc73978987c4be63be10233346f663c5c..bb692d76e67049783d0ccf9895d59062aaa9b883 100644 (file)
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -2154,7 +2154,7 @@ int
 auth_number(void)
 {
     struct wordlist *wp = permitted_numbers;
-    int l;
+    size_t l;
 
     /* Allow all if no authorization list. */
     if (!wp)
@@ -2164,9 +2164,10 @@ auth_number(void)
     while (wp) {
        /* trailing '*' wildcard */
        l = strlen(wp->word);
-       if ((wp->word)[l - 1] == '*')
-           l--;
-       if (!strncasecmp(wp->word, remote_number, l))
+       if (l > 0 && (wp->word)[l - 1] == '*') {
+           if (!strncasecmp(wp->word, remote_number, l - 1))
+               return 1;
+       } else if (strcasecmp(wp->word, remote_number) == 0)
            return 1;
        wp = wp->next;
     }