From 452192f243e48b8d4fe17dc8cf26d976a127c658 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 15 Jun 2020 15:25:40 +0200
Subject: [PATCH] dnsdist: Parse the new web ACL before clearing the existing
 one

Otherwise we end up with an empty ACL (everything will be refused)
if the new one is not valid.
---
 pdns/dnsdist-web.cc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index 99a7a4aca1..1ec5cf3058 100644
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -1235,10 +1235,13 @@ void setWebserverPassword(const std::string& password)
 
 void setWebserverACL(const std::string& acl)
 {
-  std::lock_guard<std::mutex> lock(g_webserverConfig.lock);
+  NetmaskGroup newACL;
+  newACL.toMasks(acl);
 
-  g_webserverConfig.acl.clear();
-  g_webserverConfig.acl.toMasks(acl);
+  {
+    std::lock_guard<std::mutex> lock(g_webserverConfig.lock);
+    g_webserverConfig.acl = std::move(newACL);
+  }
 }
 
 void setWebserverCustomHeaders(const boost::optional<std::map<std::string, std::string> > customHeaders)
-- 
2.39.2