Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: prevent /32 ipv4 mask from matching all ips #43381

Merged
merged 2 commits into from
Jun 25, 2022
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions src/node_sockaddr.cc
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,10 @@ bool in_network_ipv4(
const SocketAddress& ip,
const SocketAddress& net,
int prefix) {
uint32_t mask = ((1 << prefix) - 1) << (32 - prefix);
if (prefix == 32)
return compare_ipv4(ip, net) == SocketAddress::CompareResult::SAME;

uint32_t mask = ((1ull << prefix) - 1) << (32 - prefix);
supriyo-biswas marked this conversation as resolved.
Show resolved Hide resolved

const sockaddr_in* ip_in =
reinterpret_cast<const sockaddr_in*>(ip.data());
Expand Down Expand Up @@ -293,7 +296,7 @@ bool in_network_ipv6_ipv4(
if (prefix == 32)
return compare_ipv4_ipv6(net, ip) == SocketAddress::CompareResult::SAME;

uint32_t m = ((1 << prefix) - 1) << (32 - prefix);
uint32_t m = ((1ull << prefix) - 1) << (32 - prefix);

const sockaddr_in6* ip_in =
reinterpret_cast<const sockaddr_in6*>(ip.data());
Expand Down
10 changes: 10 additions & 0 deletions test/parallel/test-blocklist.js
Original file line number Diff line number Diff line change
Expand Up @@ -272,3 +272,13 @@ const util = require('util');
const ret = util.inspect(blockList, { depth: null });
assert(ret.includes('rules: []'));
}

{
// Test for https://github.com/nodejs/node/issues/43360
const blocklist = new BlockList();
blocklist.addSubnet('1.1.1.1', 32, 'ipv4');

assert(blocklist.check('1.1.1.1'));
assert(!blocklist.check('1.1.1.2'));
assert(!blocklist.check('2.3.4.5'));
}