I've posted a pull request on GitHub to fix how the
ares_ipv6_subnet_matches() function computes its netmask.
(I've posted this notice to the mailing list as suggested by the GitHub
c-ares contribution guidelines.)
https://github.com/c-ares/c-ares/pull/164
Upstream c-ares PR #144 attempts to filter out certain blacklisted IPv6
DNS resolver addresses from those returned by Windows.
The ares_ipv6_subnet_matches function computes the full netmask from a
bit count argument via a loop. However, this loop gives the wrong answer
when mask > 8. It needn't even be a loop. This PR fixes the code so it
should compute the right netmask for all values from 0 to 128.
BTW, I discovered that the same bad IPv6 resolver addresses ("fec0::")
can also appear in Android simulators. Perhaps these addresses should be
generally blacklisted for all operating systems?
-- Brad SpencerReceived on 2017-12-20