From bd85c1d19fc0e1c2d706282b954a2baa1665d34f Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Tue, 7 Jul 2015 11:14:31 +0200
Subject: [PATCH] core: fix matching network addresses with bitmask non
 divisible to 8

- reported by Kyle Kurz <kkurz@digium.com> for permissions module

(cherry picked from commit f429e753dfa750a604bfb0acb5068b47d0fbe142)
(cherry picked from commit 05ac2a2b88f476b0fd32b1bf314b2357eedfceb0)
(cherry picked from commit f06fc524de25e09549f7fbb57a0f08fb2765267e)
---
 ip_addr.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ip_addr.c b/ip_addr.c
index 7175bd0a82e..bde491d9189 100644
--- a/ip_addr.c
+++ b/ip_addr.c
@@ -356,7 +356,8 @@ char* get_proto_name(unsigned int proto)
 int ip_addr_match_net(ip_addr_t *iaddr, ip_addr_t *naddr,
 		int mask)
 {
-	unsigned char c;
+	unsigned char ci;
+	unsigned char cn;
 	int i;
 	int mbytes;
 	int mbits;
@@ -399,8 +400,9 @@ int ip_addr_match_net(ip_addr_t *iaddr, ip_addr_t *naddr,
 	mbits = mask % 8;
 	if(mbits==0)
 		return 0;
-	c = naddr->u.addr[i] & (~((1 << (8 - mbits)) - 1));
-	if((iaddr->u.addr[i] & c) == c)
+	ci = iaddr->u.addr[i] & (~((1 << (8 - mbits)) - 1));
+	cn = naddr->u.addr[i] & (~((1 << (8 - mbits)) - 1));
+	if(ci == cn)
 		return 0;
 	return -1;
 }