From 2036f8cb7a885dd82616c55f54032ba67a0d2c91 Mon Sep 17 00:00:00 2001
From: Dreamacro <305009791@qq.com>
Date: Sat, 30 Mar 2019 14:11:59 +0800
Subject: [PATCH] Fix: IP-CIDR invalid payload crash

---
 config/config.go | 27 +++++++++++++++++++--------
 rules/ipcidr.go  |  1 +
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/config/config.go b/config/config.go
index cc769903..190478a1 100644
--- a/config/config.go
+++ b/config/config.go
@@ -339,28 +339,39 @@ func parseRules(cfg *rawConfig) ([]C.Rule, error) {
 			payload = rule[1]
 			target = rule[2]
 		default:
-			return nil, fmt.Errorf("Rules[%d] [- %s] error: format invalid", idx, line)
+			return nil, fmt.Errorf("Rules[%d] [%s] error: format invalid", idx, line)
 		}
 
 		rule = trimArr(rule)
+		var parsed C.Rule
 		switch rule[0] {
 		case "DOMAIN":
-			rules = append(rules, R.NewDomain(payload, target))
+			parsed = R.NewDomain(payload, target)
 		case "DOMAIN-SUFFIX":
-			rules = append(rules, R.NewDomainSuffix(payload, target))
+			parsed = R.NewDomainSuffix(payload, target)
 		case "DOMAIN-KEYWORD":
-			rules = append(rules, R.NewDomainKeyword(payload, target))
+			parsed = R.NewDomainKeyword(payload, target)
 		case "GEOIP":
-			rules = append(rules, R.NewGEOIP(payload, target))
+			parsed = R.NewGEOIP(payload, target)
 		case "IP-CIDR", "IP-CIDR6":
-			rules = append(rules, R.NewIPCIDR(payload, target, false))
+			if rule := R.NewIPCIDR(payload, target, false); rule != nil {
+				parsed = rule
+			}
 		case "SOURCE-IP-CIDR":
-			rules = append(rules, R.NewIPCIDR(payload, target, true))
+			if rule := R.NewIPCIDR(payload, target, true); rule != nil {
+				parsed = rule
+			}
 		case "MATCH":
 			fallthrough
 		case "FINAL":
-			rules = append(rules, R.NewMatch(target))
+			parsed = R.NewMatch(target)
 		}
+
+		if parsed == nil {
+			return nil, fmt.Errorf("Rules[%d] [%s] error: payload invalid", idx, line)
+		}
+
+		rules = append(rules, parsed)
 	}
 
 	return rules, nil
diff --git a/rules/ipcidr.go b/rules/ipcidr.go
index c2a02ef8..87214554 100644
--- a/rules/ipcidr.go
+++ b/rules/ipcidr.go
@@ -38,6 +38,7 @@ func (i *IPCIDR) Payload() string {
 func NewIPCIDR(s string, adapter string, isSourceIP bool) *IPCIDR {
 	_, ipnet, err := net.ParseCIDR(s)
 	if err != nil {
+		return nil
 	}
 	return &IPCIDR{
 		ipnet:      ipnet,