File tree 2 files changed +12
-3
lines changed 2 files changed +12
-3
lines changed Original file line number Diff line number Diff line change @@ -131,15 +131,16 @@ ip.mask = function(addr, mask) {
131131
132132 var result = new Buffer ( Math . max ( addr . length , mask . length ) ) ;
133133
134+ var i = 0 ;
134135 // Same protocol - do bitwise and
135136 if ( addr . length === mask . length ) {
136- for ( var i = 0 ; i < addr . length ; i ++ ) {
137+ for ( i = 0 ; i < addr . length ; i ++ ) {
137138 result [ i ] = addr [ i ] & mask [ i ] ;
138139 }
139140 } else if ( mask . length === 4 ) {
140141 // IPv6 address and IPv4 mask
141142 // (Mask low bits)
142- for ( var i = 0 ; i < mask . length ; i ++ ) {
143+ for ( i = 0 ; i < mask . length ; i ++ ) {
143144 result [ i ] = addr [ addr . length - 4 + i ] & mask [ i ] ;
144145 }
145146 } else {
@@ -151,10 +152,13 @@ ip.mask = function(addr, mask) {
151152 // ::ffff:ipv4
152153 result [ 10 ] = 0xff ;
153154 result [ 11 ] = 0xff ;
154- for ( var i = 0 ; i < addr . length ; i ++ ) {
155+ for ( i = 0 ; i < addr . length ; i ++ ) {
155156 result [ i + 12 ] = addr [ i ] & mask [ i + 12 ] ;
156157 }
158+ i = i + 12 ;
157159 }
160+ for ( ; i < result . length ; i ++ )
161+ result [ i ] = 0 ;
158162
159163 return ip . toString ( result ) ;
160164} ;
Original file line number Diff line number Diff line change @@ -93,6 +93,11 @@ describe('IP library for node.js', function() {
9393 assert . equal ( ip . mask ( '192.168.1.134' , '255.255.255.0' ) , '192.168.1.0' ) ;
9494 assert . equal ( ip . mask ( '192.168.1.134' , '::ffff:ff00' ) , '::ffff:c0a8:100' ) ;
9595 } ) ;
96+
97+ it ( 'should not leak data' , function ( ) {
98+ for ( var i = 0 ; i < 10 ; i ++ )
99+ assert . equal ( ip . mask ( '::1' , '0.0.0.0' ) , '::' ) ;
100+ } ) ;
96101 } ) ;
97102
98103 describe ( 'subnet() method' , function ( ) {
You can’t perform that action at this time.
0 commit comments