From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Wed, 9 Oct 2019 20:49:21 +0000 (+0200)
Subject: iputils.hh: NetmaskTree: Always normalize key netmasks.
X-Git-Tag: auth-4.3.0-beta2~20^2~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=804622535520fb24a385ce7a2c87ee4f3e4885f5;p=thirdparty%2Fpdns.git

iputils.hh: NetmaskTree: Always normalize key netmasks.

This makes address bits below the network mask all zero, which is consistent
with the tree's behavior.

This change addresses one sensitivity to this behavioral change in the recursor
cache.
---

diff --git a/pdns/iputils.hh b/pdns/iputils.hh
index 1cc160e28b..ea97030764 100644
--- a/pdns/iputils.hh
+++ b/pdns/iputils.hh
@@ -632,6 +632,9 @@ private:
  * to a *LIST* of *PREFIXES*. Not the other way round.
  *
  * You can store IPv4 and IPv6 addresses to same tree, separate payload storage is kept per AFI.
+ * Network prefixes (Netmasks) are always recorded in normalized fashion, meaning that only
+ * the network bits are set. This is what is returned in the insert() and lookup() return
+ * values.
  *
  * Use swap if you need to move the tree to another NetmaskTree instance, it is WAY faster
  * than using copy ctor or assignment operator, since it moves the nodes and tree root to
@@ -657,7 +660,7 @@ private:
       parent(nullptr), node(new node_type()), assigned(false), d_bits(0) {
     }
     explicit TreeNode(const key_type& key) noexcept :
-      parent(nullptr), node(new node_type({key, value_type()})),
+      parent(nullptr), node(new node_type({key.getNormalized(), value_type()})),
       assigned(false), d_bits(key.getAddressBits()) {
     }
 
@@ -906,8 +909,6 @@ public:
       node->assigned = true;
     }
 
-    // assign key
-    value->first = key;
     return *value;
   }
 
diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc
index ca1f8bd1cb..0ea942ed49 100644
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -240,6 +240,9 @@ void MemRecursorCache::replace(time_t now, const DNSName &qname, const QType& qt
 {
   d_cachecachevalid = false;
   //  cerr<<"Replacing "<<qname<<" for "<< (ednsmask ? ednsmask->toString() : "everyone") << endl;
+  if (ednsmask) {
+    ednsmask = ednsmask->getNormalized();
+  }
   auto key = boost::make_tuple(qname, qt.getCode(), ednsmask ? *ednsmask : Netmask());
   bool isNew = false;
   cache_t::iterator stored = d_cache.find(key);
diff --git a/pdns/recursor_cache.hh b/pdns/recursor_cache.hh
index e9a44c86c7..d298671ba0 100644
--- a/pdns/recursor_cache.hh
+++ b/pdns/recursor_cache.hh
@@ -73,7 +73,7 @@ private:
   struct CacheEntry
   {
     CacheEntry(const boost::tuple<DNSName, uint16_t, Netmask>& key, bool auth):
-      d_qname(key.get<0>()), d_netmask(key.get<2>()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
+      d_qname(key.get<0>()), d_netmask(key.get<2>().getNormalized()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
     {
     }