From: Aram Sargsyan <aram@isc.org>
Date: Mon, 25 May 2026 14:19:53 +0000 (+0000)
Subject: Fix 'geoip' ACL matching bug
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8448136b166a60a5738915df376c03532f34b93b;p=thirdparty%2Fbind9.git

Fix 'geoip' ACL matching bug

The geoip2.c:match_string() function can incorrectly return 'true'
when matching strings of different lengths (i.e. it matches a
substring). Return 'false' when the lengths of the matched strings
are different.
---

diff --git a/lib/dns/geoip2.c b/lib/dns/geoip2.c
index 9a33ce7df5a..c47edeea99b 100644
--- a/lib/dns/geoip2.c
+++ b/lib/dns/geoip2.c
@@ -194,7 +194,7 @@ match_string(MMDB_entry_data_s *value, const char *str) {
 
 	if (value == NULL || !value->has_data ||
 	    value->type != MMDB_DATA_TYPE_UTF8_STRING ||
-	    value->utf8_string == NULL)
+	    value->utf8_string == NULL || value->data_size != strlen(str))
 	{
 		return false;
 	}