X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fauth.c;h=6685ea91d00636dec78059522f2949d71389d226;hp=ea6bf7b10d4b8dad4d27f28de832c788c51e941c;hb=3b733a69c54d2572012620fcaba9b1ca9ca0ac9e;hpb=afe0aeff34d3e453578f1c419946453600633654

diff --git a/pppd/auth.c b/pppd/auth.c
index ea6bf7b..6685ea9 100644
--- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: auth.c,v 1.3 1994/04/18 03:59:28 paulus Exp $";
+static char rcsid[] = "$Id: auth.c,v 1.4 1994/05/18 05:59:43 paulus Exp $";
 #endif
 
 #include <stdio.h>
@@ -696,6 +696,10 @@ auth_ip_addr(unit, addr)
     struct hostent *hp;
     struct wordlist *addrs;
 
+    /* don't allow loopback or multicast address */
+    if (bad_ip_adrs(addr))
+	return 0;
+
     if ((addrs = addresses[unit]) == NULL)
 	return 1;		/* no restriction */
 
@@ -717,6 +721,20 @@ auth_ip_addr(unit, addr)
     return 0;			/* not in list => can't have it */
 }
 
+/*
+ * bad_ip_adrs - return 1 if the IP address is one we don't want
+ * to use, such as an address in the loopback net or a multicast address.
+ * addr is in network byte order.
+ */
+int
+bad_ip_adrs(addr)
+    u_long addr;
+{
+    addr = ntohl(addr);
+    return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
+	|| IN_MULTICAST(addr) || IN_BADCLASS(addr);
+}
+
 /*
  * check_access - complain if a secret file has too-liberal permissions.
  */