Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 70A16200B5A for ; Thu, 4 Aug 2016 18:14:05 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6F329160AAB; Thu, 4 Aug 2016 16:14:05 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B6864160A6A for ; Thu, 4 Aug 2016 18:14:04 +0200 (CEST) Received: (qmail 59517 invoked by uid 500); 4 Aug 2016 16:14:03 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 59507 invoked by uid 99); 4 Aug 2016 16:14:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Aug 2016 16:14:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 539EFC065E for ; Thu, 4 Aug 2016 16:14:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -3.546 X-Spam-Level: X-Spam-Status: No, score=-3.546 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.245, SPF_PASS=-0.001] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id vTnJEiT5YcPY for ; Thu, 4 Aug 2016 16:14:01 +0000 (UTC) Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTP id CA5A25F1B8 for ; Thu, 4 Aug 2016 16:14:00 +0000 (UTC) Received: from [10.0.110.6] ([192.168.2.104]) by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id u74GDxD0027687 for ; Thu, 4 Aug 2016 18:13:59 +0200 (CEST) Subject: Re: mod_remoteip DNS address resolution To: dev@httpd.apache.org References: From: Rainer Jung Message-ID: <9c67edfa-d3ab-859d-27d7-5a4af83ced3f@kippdata.de> Date: Thu, 4 Aug 2016 18:13:55 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit archived-at: Thu, 04 Aug 2016 16:14:05 -0000 Am 04.08.2016 um 17:46 schrieb Yann Ylavic: > On Thu, Aug 4, 2016 at 3:30 PM, Rainer Jung wrote: >> >> - apr_ipsubnet_create() has some logic, that for instance accepts "192.168" >> as input with NULL mask_or_numbits and returns sub 192.168.0.0 and mask >> 255.255.0.0. > > Hmm, indeed, but this looks buggy to me. > Shouldn't apr_ipsubnet_create() be fixed with: > > - rv = parse_ip(*ipsub, ipstr, mask_or_numbits == NULL); > + rv = parse_ip(*ipsub, ipstr, mask_or_numbits != NULL); > > ? At least code archaeology shows this condition goes back very long way. It seems to me NULL was used as a marker for abbreviated IPv4 network address, like 192.168 meaning 192.168/16. Simply switching the test could break stuff like simple IP ACLs ("Allow from 192.168"). Not tested with httpd though, I was just doing some tests by calling apr_ipsubnet_create() directly from a small standalone program to confirm its behavior. Regards, Rainer