From 1fa2ce7eaef0c17d554495220565b681639b2ce5 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sun, 27 Jan 2008 02:13:34 +0000
Subject: [PATCH] 2324.   [bug]           Fix IPv6 matching against "any;" [RT
 #17533]

---
 CHANGES         |  2 ++
 lib/dns/acl.c   |  4 +++-
 lib/isc/radix.c | 18 +++++++++++-------
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1548500535..206ebade6d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2324.	[bug]		Fix IPv6 matching against "any;" [RT #17533]
+
 2323.	[port]		tru64: namespace clash. [RT #17547]
 
 2322.	[port]		MacOS: work around the limitation of setrlimit()
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index fd91a4e923..f6160b70ac 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acl.c,v 1.43 2008/01/22 05:37:49 each Exp $ */
+/* $Id: acl.c,v 1.44 2008/01/27 02:13:34 marka Exp $ */
 
 /*! \file */
 
@@ -220,6 +220,8 @@ dns_acl_match(const isc_netaddr_t *reqaddr,
 
 	/* Found a match. */
 	if (result == ISC_R_SUCCESS && node != NULL) {
+		if (node->bit == 0)
+			family = AF_INET;
 		match_num = node->node_num[ISC_IS6(family)];
 		if (*(isc_boolean_t *) node->data[ISC_IS6(family)] == ISC_TRUE)
 			*match = match_num;
diff --git a/lib/isc/radix.c b/lib/isc/radix.c
index ce332146c9..989ca436ae 100644
--- a/lib/isc/radix.c
+++ b/lib/isc/radix.c
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: radix.c,v 1.11 2008/01/21 23:46:56 tbox Exp $ */
+/* $Id: radix.c,v 1.12 2008/01/27 02:13:34 marka Exp $ */
 
 /*
  * This source was adapted from MRT's RCS Ids:
@@ -233,7 +233,7 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target,
 	isc_radix_node_t *node;
 	isc_radix_node_t *stack[RADIX_MAXBITS + 1];
 	u_char *addr;
-	isc_uint32_t bitlen, family;
+	isc_uint32_t bitlen, family, tfamily = -1;
 	int cnt = 0;
 
 	REQUIRE(radix != NULL);
@@ -250,8 +250,6 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target,
 	addr = isc_prefix_touchar(prefix);
 	bitlen = prefix->bitlen;
 
-	/* Bitlen 0 means "any" or "none", which is always treated as IPv4 */
-	family = bitlen ? prefix->family : AF_INET;
 
 	while (node->bit < bitlen) {
 		if (node->prefix)
@@ -275,11 +273,17 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target,
 		if (_comp_with_mask(isc_prefix_tochar(node->prefix),
 				    isc_prefix_tochar(prefix),
 				    node->prefix->bitlen)) {
+			/* Bitlen 0 means "any" or "none",
+			   which is always treated as IPv4 */
+			family = node->prefix->bitlen ?
+				 prefix->family : AF_INET;
 			if (node->node_num[ISC_IS6(family)] != -1 &&
-			    ((*target == NULL) ||
-			     (*target)->node_num[ISC_IS6(family)] >
-				   node->node_num[ISC_IS6(family)]))
+			         ((*target == NULL) ||
+			          (*target)->node_num[ISC_IS6(tfamily)] >
+				   node->node_num[ISC_IS6(family)])) {
 				*target = node;
+				tfamily = family;
+			}
 		}
 	}
 
-- 
GitLab