From: Marco d'Itri <md@linux.it>
Date: Sat, 14 May 2022 02:57:49 +0800
Subject: _cidr_support

---
 hosts_access.5 |  4 ++++
 hosts_access.c |  3 ++-
 misc.c         | 14 ++++++++++++++
 tcpdchk.c      |  4 ++--
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/hosts_access.5 b/hosts_access.5
index 2f51d9b..620a7c3 100644
--- a/hosts_access.5
+++ b/hosts_access.5
@@ -90,6 +90,10 @@ bitwise AND of the address and the `mask\'. For example, the net/mask
 pattern `131.155.72.0/255.255.254.0\' matches every address in the
 range `131.155.72.0\' through `131.155.73.255\'.
 .IP \(bu
+An expression of the form `n.n.n.n/mm' is interpreted as a
+`net/masklength' pair, where `mm' is the number of consecutive `1'
+bits in the netmask applied to the `n.n.n.n' address.
+.IP \(bu
 An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
 `[net]/prefixlen\' pair. An IPv6 host address is matched if
 `prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
diff --git a/hosts_access.c b/hosts_access.c
index 1c783b9..72b2cc2 100644
--- a/hosts_access.c
+++ b/hosts_access.c
@@ -423,7 +423,8 @@ char   *string;
     if ((addr = dot_quad_addr(string)) == INADDR_NONE)
 	return (NO);
     if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
-	|| (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
+	|| ((mask = dot_quad_addr(mask_tok)) == INADDR_NONE
+	    && (mask = cidr_mask_addr(mask_tok)) == 0)) {
 #ifndef INET6
 	tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
 #endif
diff --git a/misc.c b/misc.c
index 34158c3..c283e06 100644
--- a/misc.c
+++ b/misc.c
@@ -107,3 +107,17 @@ char   *str;
     }
     return (runs == 4 ? inet_addr(str) : INADDR_NONE);
 }
+
+/* cidr_mask_addr - convert cidr netmask length to internal form */
+
+unsigned long cidr_mask_addr(str)
+char   *str;
+{
+    int     maskbits;
+
+    maskbits = atoi(str);
+    if (maskbits < 1 || maskbits > 32)
+	return (0);
+    return htonl(0xFFFFFFFF << (32 - maskbits));
+}
+
diff --git a/tcpdchk.c b/tcpdchk.c
index 19bd7d2..416c08d 100644
--- a/tcpdchk.c
+++ b/tcpdchk.c
@@ -479,12 +479,12 @@ char   *pat;
 	int mask_len;
 
 	if ((dot_quad_addr(pat) == INADDR_NONE
-	    || dot_quad_addr(mask) == INADDR_NONE)
+	    || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0)
 	    && (!is_inet6_addr(pat)
 		|| ((mask_len = atoi(mask)) < 0 || mask_len > 128)))
 #else
 	if (dot_quad_addr(pat) == INADDR_NONE
-	    || dot_quad_addr(mask) == INADDR_NONE)
+	    || dot_quad_addr(mask) == INADDR_NONE && cidr_mask_addr(mask) == 0)
 #endif
 	    tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
     } else if (STR_EQ(pat, "FAIL")) {		/* obsolete */
