From: bert hubert Date: Wed, 18 Jan 2017 15:16:19 +0000 (+0100) Subject: EDNS Client Subnet parser delivered 'over precise' netmasks, like 1.2.3.4/16. This... X-Git-Tag: rec-4.1.0-alpha1~303^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b85f49a0aa392d40f00e134708c2e12aa1231870;p=thirdparty%2Fpdns.git EDNS Client Subnet parser delivered 'over precise' netmasks, like 1.2.3.4/16. This might have caused problems, but at the very least looks odd. We truncate now. --- diff --git a/pdns/ednssubnet.cc b/pdns/ednssubnet.cc index 62fa73ee51..d87f26c9e2 100644 --- a/pdns/ednssubnet.cc +++ b/pdns/ednssubnet.cc @@ -73,7 +73,12 @@ bool getEDNSSubnetOptsFromString(const char* options, unsigned int len, EDNSSubn return false; // cerr<<"Source address: "<source = Netmask(address, esow.sourceMask); + /* 'address' has more bits set (potentially) than scopeMask. This leads to odd looking netmasks that promise + more precision than they have. For this reason we truncate the address to scopeMask bits */ + + address.truncate(esow.scopeMask); // truncate will not throw for odd scopeMasks eso->scope = Netmask(address, esow.scopeMask); + return true; }
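Review bot: the truncation covers only the scope netmask, so the source netmask can still be over precise. In the @@ -73,7 +73,12 @@ hunk of pdns/ednssubnet.cc, the context line above the added lines builds the source netmask as Netmask(address, esow.sourceMask) from the untruncated address, and only afterwards is address.truncate(esow.scopeMask) applied before eso->scope is set. If the commit message's 1.2.3.4/16 case can occur with sourceMask, it needs the same treatment: truncate a copy of the address to esow.sourceMask for eso->source and a second copy to esow.scopeMask for eso->scope. Using copies also removes the ordering dependency introduced here, since address is now mutated in place and any later use of it, or a reordering of the two assignments, would silently see the scope-truncated value. The added comment says "more bits set (potentially) than scopeMask" where it means more bits than scopeMask covers. The trailing remark that truncate will not throw for odd scopeMasks is an assumption about attacker-controlled input from the wire, so it deserves a unit test that parses an option whose scope mask exceeds the address width of the family.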