dnsdist: Parse the new web ACL before clearing the existing one

Otherwise we end up with an empty ACL (everything will be refused)
if the new one is not valid.

diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index 99a7a4aca14a820ae2b595421256ed0e82e3d805..1ec5cf3058e94428ffd698c89700b9c2e9e909dd 100644 (file)
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -1235,10 +1235,13 @@ void setWebserverPassword(const std::string& password)
 
 void setWebserverACL(const std::string& acl)
 {
-  std::lock_guard<std::mutex> lock(g_webserverConfig.lock);
+  NetmaskGroup newACL;
+  newACL.toMasks(acl);
 
-  g_webserverConfig.acl.clear();
-  g_webserverConfig.acl.toMasks(acl);
+  {
+    std::lock_guard<std::mutex> lock(g_webserverConfig.lock);
+    g_webserverConfig.acl = std::move(newACL);
+  }
 }
 
 void setWebserverCustomHeaders(const boost::optional<std::map<std::string, std::string> > customHeaders)