mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any

Browse Source 
address, regardless of family.  They now correctly
			distinguish IPv4 from IPv6.  [RT #18559]
This commit is contained in:
Evan Hunt
2008-09-26 21:12:02 +00:00
parent 106360491a
commit b0bf1ad5b0
5 changed files with 91 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
lib/isc/radix.c
View File

@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: radix.c,v 1.18 2008/09/14 04:54:49 marka Exp $ */
/* $Id: radix.c,v 1.19 2008/09/26 21:12:02 each Exp $ */
/*
* This source was adapted from MRT's RCS Ids:
@@ -53,7 +53,7 @@ _new_prefix(isc_mem_t *mctx, isc_prefix_t **target, int family, void *dest,
REQUIRE(target != NULL);
if (family != AF_INET6 && family != AF_INET)
if (family != AF_INET6 && family != AF_INET && family != AF_UNSPEC)
return (ISC_R_NOTIMPLEMENTED);
prefix = isc_mem_get(mctx, sizeof(isc_prefix_t));
@@ -64,6 +64,7 @@ _new_prefix(isc_mem_t *mctx, isc_prefix_t **target, int family, void *dest,
prefix->bitlen = (bitlen >= 0) ? bitlen : 128;
memcpy(&prefix->add.sin6, dest, 16);
} else {
/* AF_UNSPEC is "any" or "none"--treat it as AF_INET */
prefix->bitlen = (bitlen >= 0) ? bitlen : 32;
memcpy(&prefix->add.sin, dest, 4);
}
@@ -95,7 +96,8 @@ static isc_result_t
_ref_prefix(isc_mem_t *mctx, isc_prefix_t **target, isc_prefix_t *prefix) {
INSIST(prefix != NULL);
INSIST((prefix->family == AF_INET && prefix->bitlen <= 32) ||
(prefix->family == AF_INET6 && prefix->bitlen <= 128));
(prefix->family == AF_INET6 && prefix->bitlen <= 128) ||
(prefix->family == AF_UNSPEC && prefix->bitlen == 0));
REQUIRE(target != NULL);
/*
@@ -238,7 +240,7 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target,
isc_radix_node_t *stack[RADIX_MAXBITS + 1];
u_char *addr;
isc_uint32_t bitlen;
int family, tfamily = -1;
int tfamily = -1;
int cnt = 0;
REQUIRE(radix != NULL);
@@ -278,16 +280,12 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target,
if (_comp_with_mask(isc_prefix_tochar(node->prefix),
isc_prefix_tochar(prefix),
node->prefix->bitlen)) {
/* Bitlen 0 means "any" or "none",
which is always treated as IPv4 */
family = node->prefix->bitlen ?
prefix->family : AF_INET;
if (node->node_num[ISC_IS6(family)] != -1 &&
if (node->node_num[ISC_IS6(prefix->family)] != -1 &&
((*target == NULL) ||
(*target)->node_num[ISC_IS6(tfamily)] >
node->node_num[ISC_IS6(family)])) {
node->node_num[ISC_IS6(prefix->family)])) {
*target = node;
tfamily = family;
tfamily = prefix->family;
}
}
}
@@ -305,7 +303,7 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
{
isc_radix_node_t *node, *new_node, *parent, *glue = NULL;
u_char *addr, *test_addr;
isc_uint32_t bitlen, family, check_bit, differ_bit;
isc_uint32_t bitlen, fam, check_bit, differ_bit;
isc_uint32_t i, j, r;
isc_result_t result;
@@ -319,9 +317,7 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
INSIST(prefix != NULL);
bitlen = prefix->bitlen;
/* Bitlen 0 means "any" or "none", which is always treated as IPv4 */
family = bitlen ? prefix->family : AF_INET;
fam = prefix->family;
if (radix->head == NULL) {
node = isc_mem_get(radix->mctx, sizeof(isc_radix_node_t));
@@ -355,8 +351,14 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
node->data[0] = source->data[0];
node->data[1] = source->data[1];
} else {
node->node_num[ISC_IS6(family)] =
++radix->num_added_node;
if (fam == AF_UNSPEC) {
/* "any" or "none" */
node->node_num[0] = node->node_num[1] =
++radix->num_added_node;
} else {
node->node_num[ISC_IS6(fam)] =
++radix->num_added_node;
}
node->data[0] = NULL;
node->data[1] = NULL;
}
@@ -436,9 +438,22 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
node->data[1] = source->data[1];
}
} else {
if (node->node_num[ISC_IS6(family)] == -1)
node->node_num[ISC_IS6(family)] =
++radix->num_added_node;
if (fam == AF_UNSPEC) {
/* "any" or "none" */
int next = radix->num_added_node + 1;
if (node->node_num[0] == -1) {
node->node_num[0] = next;
radix->num_added_node = next;
}
if (node->node_num[1] == -1) {
node->node_num[2] = next;
radix->num_added_node = next;
}
} else {
if (node->node_num[ISC_IS6(fam)] == -1)
node->node_num[ISC_IS6(fam)]
= ++radix->num_added_node;
}
}
*target = node;
return (ISC_R_SUCCESS);
@@ -463,8 +478,14 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
node->data[1] = source->data[1];
}
} else {
node->node_num[ISC_IS6(family)] =
++radix->num_added_node;
if (fam == AF_UNSPEC) {
/* "any" or "none" */
node->node_num[0] = node->node_num[1] =
++radix->num_added_node;
} else {
node->node_num[ISC_IS6(fam)] =
++radix->num_added_node;
}
}
*target = node;
return (ISC_R_SUCCESS);
@@ -506,7 +527,14 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
new_node->data[0] = source->data[0];
new_node->data[1] = source->data[1];
} else {
new_node->node_num[ISC_IS6(family)] = ++radix->num_added_node;
if (fam == AF_UNSPEC) {
/* "any" or "none" */
new_node->node_num[0] = new_node->node_num[1] =
++radix->num_added_node;
} else {
new_node->node_num[ISC_IS6(fam)] =
++radix->num_added_node;
}
new_node->data[0] = NULL;
new_node->data[1] = NULL;
}
@@ -554,7 +582,7 @@ isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target,
glue->node_num[0] = glue->node_num[1] = -1;
radix->num_active_node++;
if (differ_bit < radix->maxbits &&
BIT_TEST(addr[differ_bit >> 3], 0x80 >> (differ_bit & 0x07))) {
BIT_TEST(addr[differ_bit>>3], 0x80 >> (differ_bit & 07))) {
glue->r = new_node;
glue->l = node;
} else {