From 804622535520fb24a385ce7a2c87ee4f3e4885f5 Mon Sep 17 00:00:00 2001
From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Wed, 9 Oct 2019 22:49:21 +0200
Subject: [PATCH] iputils.hh: NetmaskTree: Always normalize key netmasks.

This makes address bits below the network mask all zero, which is consistent
with the tree's behavior.

This change addresses one sensitivity to this behavioral change in the recursor
cache.
---
 pdns/iputils.hh        | 7 ++++---
 pdns/recursor_cache.cc | 3 +++
 pdns/recursor_cache.hh | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/pdns/iputils.hh b/pdns/iputils.hh
index 1cc160e28b..ea97030764 100644
--- a/pdns/iputils.hh
+++ b/pdns/iputils.hh
@@ -632,6 +632,9 @@ private:
  * to a *LIST* of *PREFIXES*. Not the other way round.
  *
  * You can store IPv4 and IPv6 addresses to same tree, separate payload storage is kept per AFI.
+ * Network prefixes (Netmasks) are always recorded in normalized fashion, meaning that only
+ * the network bits are set. This is what is returned in the insert() and lookup() return
+ * values.
  *
  * Use swap if you need to move the tree to another NetmaskTree instance, it is WAY faster
  * than using copy ctor or assignment operator, since it moves the nodes and tree root to
@@ -657,7 +660,7 @@ private:
       parent(nullptr), node(new node_type()), assigned(false), d_bits(0) {
     }
     explicit TreeNode(const key_type& key) noexcept :
-      parent(nullptr), node(new node_type({key, value_type()})),
+      parent(nullptr), node(new node_type({key.getNormalized(), value_type()})),
       assigned(false), d_bits(key.getAddressBits()) {
     }
 
@@ -906,8 +909,6 @@ public:
       node->assigned = true;
     }
 
-    // assign key
-    value->first = key;
     return *value;
   }
 
diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc
index ca1f8bd1cb..0ea942ed49 100644
--- a/pdns/recursor_cache.cc
+++ b/pdns/recursor_cache.cc
@@ -240,6 +240,9 @@ void MemRecursorCache::replace(time_t now, const DNSName &qname, const QType& qt
 {
   d_cachecachevalid = false;
   //  cerr<<"Replacing "<<qname<<" for "<< (ednsmask ? ednsmask->toString() : "everyone") << endl;
+  if (ednsmask) {
+    ednsmask = ednsmask->getNormalized();
+  }
   auto key = boost::make_tuple(qname, qt.getCode(), ednsmask ? *ednsmask : Netmask());
   bool isNew = false;
   cache_t::iterator stored = d_cache.find(key);
diff --git a/pdns/recursor_cache.hh b/pdns/recursor_cache.hh
index e9a44c86c7..d298671ba0 100644
--- a/pdns/recursor_cache.hh
+++ b/pdns/recursor_cache.hh
@@ -73,7 +73,7 @@ private:
   struct CacheEntry
   {
     CacheEntry(const boost::tuple<DNSName, uint16_t, Netmask>& key, bool auth):
-      d_qname(key.get<0>()), d_netmask(key.get<2>()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
+      d_qname(key.get<0>()), d_netmask(key.get<2>().getNormalized()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
     {
     }
 
-- 
2.47.2