Fix 'geoip' ACL matching bug

The geoip2.c:match_string() function can incorrectly return 'true'
when matching strings of different lengths (i.e. it matches a
substring). Return 'false' when the lengths of the matched strings
are different.

diff --git a/lib/dns/geoip2.c b/lib/dns/geoip2.c
index 9a33ce7df5aa3eba22ac75ad11ad59c09724fc7e..c47edeea99b05eb7517ed613c01590c824b350bd 100644 (file)
--- a/lib/dns/geoip2.c
+++ b/lib/dns/geoip2.c
@@ -194,7 +194,7 @@ match_string(MMDB_entry_data_s *value, const char *str) {
 
        if (value == NULL || !value->has_data ||
            value->type != MMDB_DATA_TYPE_UTF8_STRING ||
-           value->utf8_string == NULL)
+           value->utf8_string == NULL || value->data_size != strlen(str))
        {
                return false;
        }