From 0cb70651aadca621b96c3f658cf0e03266f2e37a Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sat, 13 Feb 2021 17:10:15 +0100 Subject: [PATCH] host: improve compare logic The old compare macro would compare all bytes of an address, even when for IPv4 addresses the additional bytes were not in use. This made the logic vulnerable to mistakes like in issue #4280. (cherry picked from commit 6bfc5afa2301cc416e2fced23ec1accdfdea0daf) --- src/host.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/host.c b/src/host.c index 4e79be14da..7db2d958f4 100644 --- a/src/host.c +++ b/src/host.c @@ -410,14 +410,17 @@ static inline uint32_t HostGetKey(Address *a) return key; } -/* Since two or more hosts can have the same hash key, we need to compare - * the flow with the current flow key. */ -#define CMP_HOST(h,a) \ - (CMP_ADDR(&(h)->a, (a))) - static inline int HostCompare(Host *h, Address *a) { - return CMP_HOST(h, a); + if (h->a.family == a->family) { + switch (a->family) { + case AF_INET: + return (h->a.addr_data32[0] == a->addr_data32[0]); + case AF_INET6: + return CMP_ADDR(&h->a, a); + } + } + return 0; } /** -- 2.47.2