parse_netmask() in src/hostmask.c does not validate that the values that it passes to atoi() are valid numerical values. This means that an invalid netmask could be passed (such as 192.168.0.1/i) which would cause atoi() to return zero. The accidental mass k-lining on freenode on 17th August 2017 in response to a spambot attack was partly due to an invalid netmask being passed to the IRC server which was not sanitised.
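The failure mode described above, as an added example that is not code from src/hostmask.c or from the project: it contrasts an unchecked atoi() conversion of the prefix length with a strtol()-based check that rejects non-numeric, trailing-junk and out-of-range values. The function names, the max_bits parameter and all sample strings other than 192.168.0.1/i are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not the project's code: unchecked conversion. */
int cidr_bits_unchecked(const char *mask)
{
    const char *slash = strchr(mask, '/');
    if (slash == NULL)
        return -1;
    return atoi(slash + 1); /* "i" -> 0, "24abc" -> 24, no error reported */
}

/* Hypothetical hardened form: prefix length, or -1 unless the text after
 * '/' is a plain decimal number in [0, max_bits]. */
int cidr_bits_checked(const char *mask, int max_bits)
{
    const char *slash = strchr(mask, '/');
    char *end;
    long bits;

    if (slash == NULL || slash[1] < '0' || slash[1] > '9')
        return -1; /* no '/', empty, sign or whitespace (strtol accepts those) */
    errno = 0;
    bits = strtol(slash + 1, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1; /* overflow or trailing junk */
    if (bits > max_bits)
        return -1;
    return (int)bits;
}

int main(void)
{
    /* Constructed sample inputs; the first is the one from the report. */
    const char *samples[] = { "192.168.0.1/i", "192.168.0.1/24",
                              "192.168.0.1/24abc", "192.168.0.1/33" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s unchecked=%d checked=%d\n", samples[i],
               cidr_bits_unchecked(samples[i]),
               cidr_bits_checked(samples[i], 32));
    return 0;
}
```

A prefix length of 0 matches every address, so a caller should treat -1 as a hard rejection of the mask rather than fall back to a default value.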