
Corrected ACLs handling + network ranges in ACLS

ACL handling corrected (affected all ACL-based operations like
allow/deny/bandlimin/etc).
Network ranges like
10.0.0.0-10.0.0.1.64
are finally supported in ACLs.
z3APA3A 11 жил өмнө
parent
commit
e39f4638cf
4 өөрчлөгдсөн 19 нэмэгдсэн , 14 устгасан
  1. 11 10
      src/3proxy.c
  2. 6 2
      src/auth.c
  3. 1 1
      src/common.c
  4. 1 1
      src/version.h

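--- a/src/3proxy.c
+++ b/src/3proxy.c
@@ -1186,27 +1186,28 @@ int scanipl(unsigned char *arg, struct iplist *dst){
 	if(dash){
 		if(!getip46(46, dash+1, (struct sockaddr *)&sa)) return 2;
 		memcpy(&dst->ip_to, SAADDR(&sa), SAADDRLEN(&sa));
+		if(*SAFAMILY(&sa) != dst->family || memcmp(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa)) < 0) return 3;
 		return 0;
 	}
+	memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa));
 	if(slash){
 		addrlen = SAADDRLEN(&sa);
 		masklen = atoi(slash+1);
-		if(masklen >= 0 && masklen<(addrlen*8)){
-			int i, nbytes = masklen / 8, nbits = masklen % 8;
-			
-			for(i = addrlen; i; i--){
+		if(masklen < 0 || masklen > (addrlen*8)) return 4;
+		else {
+			int i, nbytes = masklen / 8, nbits = (8 - (masklen % 8)) % 8;
+
+			for(i = addrlen; i>(nbytes + (nbits > 0)); i--){
 				((unsigned char *)&dst->ip_from)[i-1] = 0x00;
 				((unsigned char *)&dst->ip_to)[i-1] = 0xff;
 			}
-			memcpy(&dst->ip_to, &dst->ip_from, addrlen - i);
 			for(;nbits;nbits--){
-				((unsigned char *)&dst->ip_from)[i-1] &= (0x01<<(nbits-1));
-				((unsigned char *)&dst->ip_to)[i-1] |= (0x01<<(nbits-1));
+				((unsigned char *)&dst->ip_from)[nbytes] &= ~(0x01<<(nbits-1));
+				((unsigned char *)&dst->ip_to)[nbytes] |= (0x01<<(nbits-1));
 			}
 			return 0;
 		}
 	}		
-	memcpy(&dst->ip_to, &dst->ip_from, SAADDRLEN(&sa));
 	return 0;
 }
 
@@ -1257,7 +1258,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 				}
 				memset(ipl, 0, sizeof(struct iplist));
 				if (scanipl(arg, ipl)) {
-					fprintf(stderr, "Invalid IP or CIDR, line %d\n", linenum);
+					fprintf(stderr, "Invalid IP, IP range or CIDR, line %d\n", linenum);
 					return(NULL);
 				}
 			} while((arg = (unsigned char *)strtok((char *)NULL, ",")));
@@ -1315,7 +1316,7 @@ struct ace * make_ace (int argc, unsigned char ** argv){
 				}
 				memset(ipl, 0, sizeof(struct iplist));
 				if (scanipl(arg, ipl)) {
-						fprintf(stderr, "Invalid IP or CIDR, line %d\n", linenum);
+						fprintf(stderr, "Invalid IP, IP range or CIDR, line %d\n", linenum);
 						return(NULL);
 				}
 			 }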
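Review bot: `masklen = atoi(slash+1);` still turns an empty or non-numeric mask string into 0, so a mistyped ACL entry such as a trailing `/` or `/2x` silently becomes a /0 that matches every address of that family, and the new range check `if(masklen < 0 || masklen > (addrlen*8)) return 4;` cannot reject it. Parsing with strtol and refusing leftover characters closes that gap: `char *end; long m = strtol((char *)(slash+1), &end, 10);` followed by `if(end == (char *)(slash+1) || *end || m < 0 || m > addrlen*8) return 4; masklen = (int)m;`. The added dash-branch check compares against dst->family and dst->ip_from, which must already have been filled in from the first address; scanipl begins outside the hunk, so that cannot be confirmed here. The same atoi concern does not apply to the two make_ace hunks, which only reword the error message.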

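--- a/src/auth.c
+++ b/src/auth.c
@@ -313,14 +313,18 @@ int handleredirect(struct clientparam * param, struct ace * acentry){
 }
 
 int IPInentry(struct sockaddr *sa, struct iplist *ipentry){
-	int i, addrlen;
+	int addrlen;
 	unsigned char *ip, *ipf, *ipt;
+
+
 	ip = (unsigned char *)SAADDR(sa);
 	ipf = (unsigned char *)&ipentry->ip_from;
 	ipt = (unsigned char *)&ipentry->ip_to;
+
 	if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;
 	addrlen = SAADDRLEN(sa);
-	for(i=0; i<addrlen; i++) if(ip[i]<ipf[i] || ip[i]>ipt[i]) return 0;
+	
+	if(memcmp(ip,ipf,addrlen) < 0 || memcmp(ip,ipt,addrlen) > 0) return 0;
 	return 1;
 	
 }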
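Review bot: The guard `if(!sa || ! ipentry || *SAFAMILY(sa) != ipentry->family) return 0;` is still placed below the three pointer assignments, so `SAADDR(sa)` and `&ipentry->ip_from` are evaluated before sa and ipentry are checked for NULL; if SAADDR reads sa->sa_family to pick the v4/v6 member (its definition is not in the hunk), a NULL sa is dereferenced before the guard ever runs. Moving that `if` line above `ip = (unsigned char *)SAADDR(sa);` makes the check effective instead of decorative. The memcmp-based range test itself is sound, since memcmp orders bytes as unsigned char and addresses are stored in network byte order, which is exactly the lexicographic order a from/to range needs. The ordering problem is pre-existing; the commit only adds blank lines around it.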

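--- a/src/common.c
+++ b/src/common.c
@@ -224,7 +224,7 @@ int parsehostname(char *hostname, struct clientparam *param, unsigned short port
 	if(se){
 		*se = 0;
 	}
-	if(hostname != param->hostname){
+	if(hostname != (char *)param->hostname){
 		if(param->hostname) myfree(param->hostname);
 		param->hostname = (unsigned char *)mystrdup(hostname + (se!=0));
 	}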

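--- a/src/version.h
+++ b/src/version.h
@@ -1,2 +1,2 @@
 #define VERSION "3proxy-0.8b-devel"
-#define BUILDDATE "141213035229"
+#define BUILDDATE "141213192542"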