From: Mark Andrews <marka@isc.org>
Date: Wed, 25 Sep 2013 21:40:34 +0000 (+1000)
Subject: 3656.   [bug]           Treat a all zero netmask as invalid when generating
X-Git-Tag: v9.8.6-P1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0cf71ac4ab76793de8ebd7524bdbae9045b66694;p=thirdparty%2Fbind9.git

3656.   [bug]           Treat a all zero netmask as invalid when generating
                        the localnets acl. [RT #34687]

(cherry picked from commit c9ee72cb3acb4562c43333b206737ee94cbbda5e)
---

diff --git a/CHANGES b/CHANGES
index c5a66f10a87..b5c7a9572bc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3656.	[bug]		Treat a all zero netmask as invalid when generating
+			the localnets acl. [RT #34687]
+
 	--- 9.8.6 released ---
 
 3638.	[cleanup]	Add the ability to handle ENOPROTOOPT in case it is 
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 15ffe00aa51..9cf3cde697b 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -525,15 +525,22 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
 		return (result);
 
 	if (result != ISC_R_SUCCESS) {
-		isc_log_write(IFMGR_COMMON_LOGARGS,
-			      ISC_LOG_WARNING,
+		isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
 			      "omitting IPv4 interface %s from "
-			      "localnets ACL: %s",
-			      interface->name,
+			      "localnets ACL: %s", interface->name,
 			      isc_result_totext(result));
 		return (ISC_R_SUCCESS);
 	}
 
+	if (prefixlen == 0U) {
+		isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
+			      "omitting %s interface %s from localnets ACL: "
+			      "zero prefix length detected",
+			      (netaddr->family == AF_INET) ? "IPv4" : "IPv6",
+			      interface->name);
+		return (ISC_R_SUCCESS);
+	}
+
 	result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
 				       netaddr, prefixlen, ISC_TRUE);
 	if (result != ISC_R_SUCCESS)