From: bert hubert <bert.hubert@powerdns.com>
Date: Wed, 18 Jan 2017 15:16:19 +0000 (+0100)
Subject: EDNS Client Subnet parser delivered 'over precise' netmasks, like 1.2.3.4/16. This... 
X-Git-Tag: rec-4.0.5-rc2^2~7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f2b889fa4cca5ab54b0011bd25f606676d2517d9;p=pdns

EDNS Client Subnet parser delivered 'over precise' netmasks, like 1.2.3.4/16. This might have caused problems, but at the very least looks odd. We truncate now.

(cherry picked from commit b85f49a0aa392d40f00e134708c2e12aa1231870)
---

diff --git a/pdns/ednssubnet.cc b/pdns/ednssubnet.cc
index 62fa73ee5..d87f26c9e 100644
--- a/pdns/ednssubnet.cc
+++ b/pdns/ednssubnet.cc
@@ -73,7 +73,12 @@ bool getEDNSSubnetOptsFromString(const char* options, unsigned int len, EDNSSubn
     return false;
  // cerr<<"Source address: "<<address.toString()<<", mask: "<<(int)esow.sourceMask<<endl;
   eso->source = Netmask(address, esow.sourceMask);
+  /* 'address' has more bits set (potentially) than scopeMask. This leads to odd looking netmasks that promise
+     more precision than they have. For this reason we truncate the address to scopeMask bits */
+  
+  address.truncate(esow.scopeMask); // truncate will not throw for odd scopeMasks
   eso->scope = Netmask(address, esow.scopeMask);
+
   return true;
 }