ignore meaningless bits in CIDR and warn about them
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c index de4cae2..31094ba 100644 --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c
@@ -214,7 +214,13 @@ in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m)))); - return NGX_OK; + if (in_cidr->addr == (in_cidr->addr & in_cidr->mask)) { + return NGX_OK; + } + + in_cidr->addr &= in_cidr->mask; + + return NGX_DONE; }
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index d32fb7f..7a856d4 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c
@@ -1038,8 +1038,9 @@ #if (NGX_DEBUG) ngx_event_conf_t *ecf = conf; - ngx_event_debug_t *dc; + ngx_int_t rc; ngx_str_t *value; + ngx_event_debug_t *dc; struct hostent *h; ngx_inet_cidr_t in_cidr; @@ -1056,13 +1057,21 @@ if (dc->addr != INADDR_NONE) { dc->mask = 0xffffffff; - return NGX_OK; + return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_OK) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + rc = NGX_OK; + } + + if (rc == NGX_OK) { dc->mask = in_cidr.mask; dc->addr = in_cidr.addr; - return NGX_OK; + return NGX_CONF_OK; } h = gethostbyname((char *) value[1].data); @@ -1084,7 +1093,7 @@ #endif - return NGX_OK; + return NGX_CONF_OK; }
diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c index 2cd8a8f..e4e87b2 100644 --- a/src/http/modules/ngx_http_access_module.c +++ b/src/http/modules/ngx_http_access_module.c
@@ -137,6 +137,7 @@ { ngx_http_access_loc_conf_t *alcf = conf; + ngx_int_t rc; ngx_str_t *value; ngx_inet_cidr_t in_cidr; ngx_http_access_rule_t *rule; @@ -173,12 +174,19 @@ return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + } + rule->mask = in_cidr.mask; rule->addr = in_cidr.addr;
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c index 9c43bd7..bb9085e 100644 --- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c
@@ -212,12 +212,20 @@ cidrin.mask = 0; } else { - if (ngx_ptocidr(&value[0], &cidrin) == NGX_ERROR) { + rc = ngx_ptocidr(&value[0], &cidrin); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[0]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", + &value[0]); + } + cidrin.addr = ntohl(cidrin.addr); cidrin.mask = ntohl(cidrin.mask); }
diff --git a/src/http/modules/ngx_http_realip_module.c b/src/http/modules/ngx_http_realip_module.c index ffb2028..4de4c13 100644 --- a/src/http/modules/ngx_http_realip_module.c +++ b/src/http/modules/ngx_http_realip_module.c
@@ -188,6 +188,7 @@ { ngx_http_realip_loc_conf_t *rlcf = conf; + ngx_int_t rc; ngx_str_t *value; ngx_inet_cidr_t in_cidr; ngx_http_realip_from_t *from; @@ -215,12 +216,19 @@ return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + } + from->mask = in_cidr.mask; from->addr = in_cidr.addr;