From 24d223fe9d1b7e99bc3711d5f7f87287bc300fa7 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Mon, 8 Jun 2020 16:19:05 +0200
Subject: [PATCH] Only allow contiguous netmasks
---
 src/name.rs | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/name.rs b/src/name.rs
index 24cb69f0..4116a471 100644
--- a/src/name.rs
+++ b/src/name.rs
@@ -363,10 +363,13 @@ fn presented_ip_address_matches_constraint(
 let mut name = untrusted::Reader::new(name);
 let mut constraint_address = untrusted::Reader::new(constraint_address);
 let mut constraint_mask = untrusted::Reader::new(constraint_mask);
+ let (mut mask_index, mut mask) = (0, [0u8; 8]);
 loop {
 let name_byte = name.read_byte().unwrap();
 let constraint_address_byte = constraint_address.read_byte().unwrap();
 let constraint_mask_byte = constraint_mask.read_byte().unwrap();
+ mask[mask_index] = constraint_mask_byte;
+ mask_index += 1;
 if ((name_byte ^ constraint_address_byte) & constraint_mask_byte) != 0 {
 return Ok(false);
 }
@@ -375,6 +378,11 @@ fn presented_ip_address_matches_constraint(
 }
 }
+ let mask = u64::from_be_bytes(mask);
+ if mask.trailing_zeros() != 64 - mask.count_ones() {
+ return Ok(false);
+ }
+
 return Ok(true);
 }
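Review bot: `mask[mask_index]` writes into an 8-byte array once per loop iteration, so any netmask longer than 8 bytes panics with an out-of-bounds index on the ninth byte. A 16-byte IPv6 mask would do that if this function accepts IPv6 constraints; the length checks sit above the hunk and are not visible here. The bytes are read through `untrusted::Reader`, so the panic would be reachable from certificate input rather than from a programming error. Sizing the buffer for the largest mask covers both address families: `let (mut mask_index, mut mask) = (0, [0u8; 16]);`, and in the second hunk `let mask = u128::from_be_bytes(mask);` with `if mask.trailing_zeros() != 128 - mask.count_ones() {`. The diffstat shows no test change, and a case with an IPv6 constraint would pin this.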
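Review bot: A non-contiguous mask is rejected with `return Ok(false)`, the same value the loop returns for "address is outside this subnet", so the caller cannot tell a malformed constraint from a non-match. If the caller also uses this result for excluded subtrees (it is not in the hunk), a malformed mask on an excluded constraint would read as "not excluded" and the name would pass. Returning an `Err` for the malformed constraint instead of `Ok(false)` fails closed for both permitted and excluded subtrees. The check also sits after the loop, so an address that mismatches on an earlier byte returns before the mask is validated at all; validating the mask before comparing addresses would make the result independent of the presented name.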