host: improve compare logic

The old compare macro would compare all bytes of an address, even
when for IPv4 addresses the additional bytes were not in use. This
made the logic vulnerable to mistakes like in issue #4280.

(cherry picked from commit 6bfc5afa2301cc416e2fced23ec1accdfdea0daf)

diff --git a/src/host.c b/src/host.c
index 4e79be14daf54d2091f85d673692a3e65f5f0108..7db2d958f4a30055e3a667728a048239c3a487ff 100644 (file)
--- a/src/host.c
+++ b/src/host.c
@@ -410,14 +410,17 @@ static inline uint32_t HostGetKey(Address *a)
     return key;
 }
 
-/* Since two or more hosts can have the same hash key, we need to compare
- * the flow with the current flow key. */
-#define CMP_HOST(h,a) \
-    (CMP_ADDR(&(h)->a, (a)))
-
 static inline int HostCompare(Host *h, Address *a)
 {
-    return CMP_HOST(h, a);
+    if (h->a.family == a->family) {
+        switch (a->family) {
+            case AF_INET:
+                return (h->a.addr_data32[0] == a->addr_data32[0]);
+            case AF_INET6:
+                return CMP_ADDR(&h->a, a);
+        }
+    }
+    return 0;
 }
 
 /**