Issue information

Issue ID: #2632
Status: Fixed
Severity: Medium
Started: Hercules Elf Bot, Jan 5, 2009 17:26
Last Post: Hercules Elf Bot, Jan 5, 2009 17:26
Confirmation: N/A

Hercules Elf Bot - Jan 5, 2009 17:26

Originally posted by HiddenDragon
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=2632

There is a bug in the IP rules feature concerning the allow/deny IP features.

Normally, one can use:
allow: <ip address>[/<mask>]

or

deny: <ip address>[/<mask>]

...to feed some IP addresses into a list that will always be denied or allowed regardless of the DDoS protection. The problem is a bug in converting the IP addresses (and masks too) from standard dot notation to an unsigned 32-bit integer.

When it parses a line such as "allow: 127.0.0.1", it reads it and converts it incorrectly such that (when it is parsed back to dot notation) it becomes "1.0.0.127". In other words, the following line is broken:

In common/socket.c (function access_ipmask):
CODE
ip = (uint32)(a[0] | (a[1] << 8) | (a[2] << 16) | (a[3] << 24));


The bits are shifted in the incorrect order. The following line fixes the above and makes the access/deny IP rules actually work:

CODE
ip = (uint32)((a[0] << 24) | (a[1] << 16) | (a[2] << 8) | (a[3]));



Repeat with the IP mask line a couple lines below.
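
Added example, not part of the original report and not the project's code: it packs an address and a dotted mask with both shift orders from the report and shows that the reversed order makes an allow/deny rule miss a client inside its range. The helper names, the dotted-mask rule format and the assumption that client addresses are held most-significant-octet-first are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Shift order from the report's "before" line: first octet lands in the low byte. */
static uint32_t pack_reversed(const unsigned a[4]) {
    return (uint32_t)a[0] | ((uint32_t)a[1] << 8) | ((uint32_t)a[2] << 16) | ((uint32_t)a[3] << 24);
}

/* Shift order from the report's fix: first octet lands in the high byte. */
static uint32_t pack_fixed(const unsigned a[4]) {
    return ((uint32_t)a[0] << 24) | ((uint32_t)a[1] << 16) | ((uint32_t)a[2] << 8) | (uint32_t)a[3];
}

typedef uint32_t (*pack_fn)(const unsigned a[4]);

/* Parse "a.b.c.d" with range and trailing-garbage checks; 0 on success, -1 on bad input. */
static int parse_quad(const char *s, pack_fn pack, uint32_t *out) {
    unsigned a[4];
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a[0], &a[1], &a[2], &a[3], &tail) != 4)
        return -1;
    for (int i = 0; i < 4; i++)
        if (a[i] > 255)
            return -1;
    *out = pack(a);
    return 0;
}

/* 1 if client falls inside rule ip/mask, 0 if not, -1 if the rule does not parse.
   Assumption: client is stored with the first octet in the high byte. */
static int rule_matches(const char *ip, const char *mask, pack_fn pack, uint32_t client) {
    uint32_t rip, rmask;
    if (parse_quad(ip, pack, &rip) != 0 || parse_quad(mask, pack, &rmask) != 0)
        return -1;
    return (client & rmask) == (rip & rmask);
}

int main(void) {
    const uint32_t client = 0xC0A80139u; /* constructed sample: 192.168.1.57 */
    printf("reversed packing: match=%d\n",
           rule_matches("192.168.1.0", "255.255.255.0", pack_reversed, client));
    printf("fixed packing:    match=%d\n",
           rule_matches("192.168.1.0", "255.255.255.0", pack_fixed, client));
    return 0;
}
```

Because the mask is packed the same way as the address, the reversed order corrupts both, which is why the report says to repeat the fix on the mask line.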