-rw-r--r--channels/chan_h323.c2
-rw-r--r--channels/chan_iax2.c4
-rw-r--r--channels/chan_mgcp.c2
-rw-r--r--channels/chan_sip.c18
-rw-r--r--channels/chan_skinny.c2
-rw-r--r--include/asterisk/acl.h15
-rw-r--r--main/acl.c9
7 files changed, 40 insertions, 12 deletions
diff --git a/channels/chan_h323.c b/channels/chan_h323.c
index c1da95787..096e8ddbc 100644
--- a/channels/chan_h323.c
+++ b/channels/chan_h323.c
@@ -1425,7 +1425,7 @@ static struct oh323_user *build_user(char *name, struct ast_variable *v, struct
}
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
- user->ha = ast_append_ha(v->name, v->value, user->ha);
+ user->ha = ast_append_ha(v->name, v->value, user->ha, NULL);
}
}
if (!user->options.dtmfmode)
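Review bot: Passing `NULL` for the new `error` argument means build_user still cannot tell that a `permit`/`deny` value was rejected, and it goes on to create the user with whatever list ast_append_ha returned. The same applies to the `NULL` calls in chan_iax2.c (build_peer and build_user), chan_mgcp.c (build_gateway) and chan_skinny.c (build_device); only chan_sip.c checks the flag. Because a rejected `deny` line is left out of the list, the resulting ACL is more permissive than the one the administrator wrote, so these callers should at least report it as chan_sip does: `int ha_error = 0;`, pass `&ha_error`, then `if (ha_error) ast_log(LOG_ERROR, "Bad ACL entry in configuration line %d : %s\n", v->lineno, v->value);`. build_user starts and ends outside the hunk.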
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index b4cc8ae80..dc39f10e7 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -8450,7 +8450,7 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
peer_set_srcaddr(peer, v->value);
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
- peer->ha = ast_append_ha(v->name, v->value, peer->ha);
+ peer->ha = ast_append_ha(v->name, v->value, peer->ha, NULL);
} else if (!strcasecmp(v->name, "mask")) {
maskfound++;
inet_aton(v->value, &peer->mask);
@@ -8610,7 +8610,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
}
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
- user->ha = ast_append_ha(v->name, v->value, user->ha);
+ user->ha = ast_append_ha(v->name, v->value, user->ha, NULL);
} else if (!strcasecmp(v->name, "setvar")) {
varname = ast_strdupa(v->value);
if (varname && (varval = strchr(varname,'='))) {
diff --git a/channels/chan_mgcp.c b/channels/chan_mgcp.c
index 2e0833b5f..bdb704754 100644
--- a/channels/chan_mgcp.c
+++ b/channels/chan_mgcp.c
@@ -3638,7 +3638,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v)
}
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
- gw->ha = ast_append_ha(v->name, v->value, gw->ha);
+ gw->ha = ast_append_ha(v->name, v->value, gw->ha, NULL);
} else if (!strcasecmp(v->name, "port")) {
gw->addr.sin_port = htons(atoi(v->value));
} else if (!strcasecmp(v->name, "context")) {
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index bc545e503..a5cfbfd1d 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -15765,7 +15765,11 @@ static struct sip_user *build_user(const char *name, struct ast_variable *v, int
user->chanvars = add_var(v->value, user->chanvars);
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
- user->ha = ast_append_ha(v->name, v->value, user->ha);
+ int ha_error = 0;
+
+ user->ha = ast_append_ha(v->name, v->value, user->ha, &ha_error);
+ if (ha_error)
+ ast_log(LOG_ERROR, "Bad ACL entry in configuration line %d : %s\n", v->lineno, v->value);
} else if (!strcasecmp(v->name, "allowtransfer")) {
user->allowtransfer = ast_true(v->value) ? TRANSFER_OPENFORALL : TRANSFER_CLOSED;
} else if (!strcasecmp(v->name, "secret")) {
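Review bot: When `ha_error` is set, this branch only logs and keeps building the user, so the entry that failed to parse is simply absent from `user->ha`. The failure paths in main/acl.c free the new node and return the list without it, so a mistyped `deny` leaves the user with a weaker ACL than configured. The build_peer hunk below has the same shape. It is worth deciding whether a bad ACL line should make build_user give up on the entry altogether; the cleanup needed for that is outside the hunk, so I have not sketched it. At minimum, add a comment at the check, such as `/* the rejected entry is not in user->ha; the ACL is weaker than configured */`, so that the fail-open behaviour is a recorded decision.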
@@ -16023,7 +16027,11 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
return NULL;
}
} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
- peer->ha = ast_append_ha(v->name, v->value, peer->ha);
+ int ha_error = 0;
+
+ peer->ha = ast_append_ha(v->name, v->value, peer->ha, &ha_error);
+ if (ha_error)
+ ast_log(LOG_ERROR, "Bad ACL entry in configuration line %d : %s\n", v->lineno, v->value);
} else if (!strcasecmp(v->name, "port")) {
if (!realtime && ast_test_flag(&peer->flags[1], SIP_PAGE2_DYNAMIC))
peer->defaddr.sin_port = htons(atoi(v->value));
@@ -16405,10 +16413,14 @@ static int reload_config(enum channelreloadreason reason)
}
} else if (!strcasecmp(v->name, "localnet")) {
struct ast_ha *na;
- if (!(na = ast_append_ha("d", v->value, localaddr)))
+ int ha_error;
+
+ if (!(na = ast_append_ha("d", v->value, localaddr, &ha_error)))
ast_log(LOG_WARNING, "Invalid localnet value: %s\n", v->value);
else
localaddr = na;
+ if (ha_error)
+ ast_log(LOG_ERROR, "Bad localnet configuration value line %d : %s\n", v->lineno, v->value);
} else if (!strcasecmp(v->name, "externip")) {
if (!(hp = ast_gethostbyname(v->value, &ahp)))
ast_log(LOG_WARNING, "Invalid address for externip keyword: %s\n", v->value);
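Review bot: `int ha_error;` in the `localnet` branch is declared without an initializer, unlike the `int ha_error = 0;` used in build_user and build_peer. In the main/acl.c hunks of this commit, ast_append_ha only ever writes `*error = 1` on a failure path and nothing visible clears it on success. If that holds for the rest of the function, `if (ha_error)` reads an indeterminate value for every valid `localnet` line, which is undefined behaviour and can log a spurious "Bad localnet configuration value". Change the declaration to `int ha_error = 0;`. reload_config starts and ends outside the hunk.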
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 75bf874c8..df0d1e4de 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -2027,7 +2027,7 @@ static struct skinny_device *build_device(const char *cat, struct ast_variable *
} else if (!strcasecmp(v->name, "device")) {
ast_copy_string(d->id, v->value, sizeof(d->id));
} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
- d->ha = ast_append_ha(v->name, v->value, d->ha);
+ d->ha = ast_append_ha(v->name, v->value, d->ha, NULL);
} else if (!strcasecmp(v->name, "context")) {
ast_copy_string(context, v->value, sizeof(context));
} else if (!strcasecmp(v->name, "allow")) {
diff --git a/include/asterisk/acl.h b/include/asterisk/acl.h
index b3a0e7aee..efc604990 100644
--- a/include/asterisk/acl.h
+++ b/include/asterisk/acl.h
@@ -38,13 +38,24 @@ extern "C" {
struct ast_ha;
+/*! \brief Free host access list */
void ast_free_ha(struct ast_ha *ha);
-struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path);
+
+/*! \brief Append ACL entry to host access list. */
+struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path, int *error);
+
+/*! \brief Check IP address with host access list */
int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin);
+
+/*! \brief Copy host access list */
+struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original);
+
int ast_get_ip(struct sockaddr_in *sin, const char *value);
+
int ast_get_ip_or_srv(struct sockaddr_in *sin, const char *value, const char *service);
+
int ast_ouraddrfor(struct in_addr *them, struct in_addr *us);
-struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original);
+
int ast_find_ourip(struct in_addr *ourip, struct sockaddr_in bindaddr);
int ast_str2tos(const char *value, unsigned int *tos);
const char *ast_tos2str(unsigned int tos);
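Review bot: The new `\brief` for ast_append_ha does not describe the `error` parameter, which is the whole point of the signature change. Callers need to know that it may be `NULL`, that it is set to 1 when the entry is rejected, that (as far as the acl.c hunks show) it is not cleared on success so the caller must initialize it to 0, and that on failure the returned list does not contain the rejected entry. I would extend the comment with `\param error Optional (may be NULL); set to 1 if the entry could not be parsed. Caller must initialize to 0.` and a `\return` line stating that the list is returned without the new entry on failure. That last point is what makes a bad `deny` line fail open for callers that ignore the flag.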
diff --git a/main/acl.c b/main/acl.c
index 7e50d1f9d..e2caa2eee 100644
--- a/main/acl.c
+++ b/main/acl.c
@@ -137,7 +137,7 @@ struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
return ret; /* Return start of list */
}
-struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
+struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path, int *error)
{
struct ast_ha *ha;
char *nm = "255.255.255.255";
@@ -172,11 +172,15 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
}
} else if (!inet_aton(nm, &ha->netmask)) {
ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
+ if (error)
+ *error = 1;
free(ha);
return ret;
}
if (!inet_aton(tmp, &ha->netaddr)) {
ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
+ if (error)
+ *error = 1;
free(ha);
return ret;
}
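Review bot: The error flag is raised only on the two `inet_aton` failure paths, so any other way of rejecting or mis-parsing the entry still returns with `*error` untouched. The branch that closes just before `} else if (!inet_aton(nm, &ha->netmask))` is outside the hunk. If it parses a numeric prefix length and can fail or fall through on a bad value, it needs the same `if (error) *error = 1;` before returning; otherwise a caller that checks the flag is told the ACL line was fine. Please check that branch and any allocation-failure path earlier in ast_append_ha against the new contract.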
@@ -193,7 +197,8 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
ret = ha;
}
}
- ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
+ if (option_debug)
+ ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
return ret;
}