authorStefan Bühler <stbuehler@web.de>2014-04-14 16:12:11 +0000
committerStefan Bühler <stbuehler@web.de>2014-04-14 16:12:11 +0000
commitf8f335150675ed8f5d1cf3edadf74f7f6685f606 (patch)
tree26afd1ae518eef852db5e3931a53bc93a51d3c91
parent3605a3bec31f5e1bc79fdfb830b84e188f060982 (diff)
downloadlighttpd-git-f8f335150675ed8f5d1cf3edadf74f7f6685f606.tar.gz
fix bad shift in conditional netmask ".../0" handling
config conditionals like $HTTP["remoteip"] == "a.b.c.d/0" (or completely broken netmasks) triggered bad shifts. Matching against "/0" is not very useful though - it is always true. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2963 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r--NEWS1
-rw-r--r--src/configfile-glue.c8
2 files changed, 8 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e82b90b0..780f4c66 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ NEWS
- 1.4.36
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
+ * fix bad shift in conditional netmask ".../0" handling
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled
diff --git a/src/configfile-glue.c b/src/configfile-glue.c
index 3efa46a8..9f24dcb2 100644
--- a/src/configfile-glue.c
+++ b/src/configfile-glue.c
@@ -357,6 +357,12 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
return COND_RESULT_FALSE;
}
+ if (nm_bits > 32 || nm_bits < 0) {
+ log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: invalid netmask:", dc->string, err);
+
+ return COND_RESULT_FALSE;
+ }
+
/* take IP convert to the native */
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
#ifdef __WIN32
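Review bot: The new range check `if (nm_bits > 32 || nm_bits < 0)` returns COND_RESULT_FALSE without looking at `dc->cond`, so a conditional with a malformed netmask is skipped at request time for both `==` and `!=`. If that block carries access restrictions they silently stop applying, and the only signal is a log line on each request. Rejecting the value when the configuration is loaded would surface the mistake before the server handles traffic. The `err` argument is presumably an empty string here, since the preceding check (only its tail is visible) appears to return on trailing non-digits, so the call could be `log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: invalid netmask:", dc->string);`. config_check_cond_nocache starts and ends outside the hunk.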
@@ -375,7 +381,7 @@ static cond_result_t config_check_cond_nocache(server *srv, connection *con, dat
#endif
/* build netmask */
- nm = htonl(~((1 << (32 - nm_bits)) - 1));
+ nm = nm_bits ? htonl(~((1 << (32 - nm_bits)) - 1)) : 0;
if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;
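Review bot: The rewritten line `nm = nm_bits ? htonl(~((1 << (32 - nm_bits)) - 1)) : 0;` still shifts a signed `1`, so a "/1" mask evaluates `1 << 31`, which is undefined for a 32-bit int, and the following `- 1` then overflows. Building the mask from an unsigned constant avoids both: `nm = nm_bits ? htonl(~((1u << (32 - nm_bits)) - 1)) : 0;`. A short comment above the line, such as `/* "/0" yields nm == 0 and matches every IPv4 client */`, would also make clear that the comparison below is then true for any address. The enclosing function continues outside the hunk.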