# HG changeset patch # User Igor Sysoev # Date 1186751608 0 # Node ID b590a528fd41ca1f12bd2ed652c0d38d8c924411 # Parent cc8ac1936aa444e149d422a5bafbec099e5c735c ignore meaningless bits in CIDR and warn about them diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -214,7 +214,13 @@ ngx_ptocidr(ngx_str_t *text, void *cidr) in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m)))); - return NGX_OK; + if (in_cidr->addr == (in_cidr->addr & in_cidr->mask)) { + return NGX_OK; + } + + in_cidr->addr &= in_cidr->mask; + + return NGX_DONE; } diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -1038,8 +1038,9 @@ ngx_event_debug_connection(ngx_conf_t *c #if (NGX_DEBUG) ngx_event_conf_t *ecf = conf; + ngx_int_t rc; + ngx_str_t *value; ngx_event_debug_t *dc; - ngx_str_t *value; struct hostent *h; ngx_inet_cidr_t in_cidr; @@ -1056,13 +1057,21 @@ ngx_event_debug_connection(ngx_conf_t *c if (dc->addr != INADDR_NONE) { dc->mask = 0xffffffff; - return NGX_OK; + return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_OK) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + rc = NGX_OK; + } + + if (rc == NGX_OK) { dc->mask = in_cidr.mask; dc->addr = in_cidr.addr; - return NGX_OK; + return NGX_CONF_OK; } h = gethostbyname((char *) value[1].data); @@ -1084,7 +1093,7 @@ ngx_event_debug_connection(ngx_conf_t *c #endif - return NGX_OK; + return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c --- a/src/http/modules/ngx_http_access_module.c +++ b/src/http/modules/ngx_http_access_module.c @@ -137,6 +137,7 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx { ngx_http_access_loc_conf_t *alcf = conf; + ngx_int_t rc; ngx_str_t *value; ngx_inet_cidr_t in_cidr; ngx_http_access_rule_t *rule; @@ -173,12 +174,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + } + rule->mask = in_cidr.mask; rule->addr = in_cidr.addr; diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c --- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c @@ -212,12 +212,20 @@ ngx_http_geo(ngx_conf_t *cf, ngx_command cidrin.mask = 0; } else { - if (ngx_ptocidr(&value[0], &cidrin) == NGX_ERROR) { + rc = ngx_ptocidr(&value[0], &cidrin); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[0]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", + &value[0]); + } + cidrin.addr = ntohl(cidrin.addr); cidrin.mask = ntohl(cidrin.mask); } diff --git a/src/http/modules/ngx_http_realip_module.c b/src/http/modules/ngx_http_realip_module.c --- a/src/http/modules/ngx_http_realip_module.c +++ b/src/http/modules/ngx_http_realip_module.c @@ -188,6 +188,7 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx { ngx_http_realip_loc_conf_t *rlcf = conf; + ngx_int_t rc; ngx_str_t *value; ngx_inet_cidr_t in_cidr; ngx_http_realip_from_t *from; @@ -215,12 +216,19 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx return NGX_CONF_OK; } - if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) { + rc = ngx_ptocidr(&value[1], &in_cidr); + + if (rc == NGX_ERROR) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[1]); return NGX_CONF_ERROR; } + if (rc == NGX_DONE) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "low address bits of %V are meaningless", &value[1]); + } + from->mask = in_cidr.mask; from->addr = in_cidr.addr;