EDNS Client Subnet parser delivered 'over precise' netmasks, like 1.2.3.4/16. This...

(cherry picked from commit b85f49a0aa392d40f00e134708c2e12aa1231870)

diff --git a/pdns/ednssubnet.cc b/pdns/ednssubnet.cc
index 62fa73ee511fed8a377d7f13b851e2efbb193aa1..d87f26c9e254eb304effc623c55a8f7f82a4a82d 100644 (file)
--- a/pdns/ednssubnet.cc
+++ b/pdns/ednssubnet.cc
@@ -73,7 +73,12 @@ bool getEDNSSubnetOptsFromString(const char* options, unsigned int len, EDNSSubn
     return false;
  // cerr<<"Source address: "<<address.toString()<<", mask: "<<(int)esow.sourceMask<<endl;
   eso->source = Netmask(address, esow.sourceMask);
+  /* 'address' has more bits set (potentially) than scopeMask. This leads to odd looking netmasks that promise
+     more precision than they have. For this reason we truncate the address to scopeMask bits */
+  
+  address.truncate(esow.scopeMask); // truncate will not throw for odd scopeMasks
   eso->scope = Netmask(address, esow.scopeMask);
+
   return true;
 }