Subject: Re: PR: Fix computation of IPv6 blacklist mask for values of netmask > 8

Re: PR: Fix computation of IPv6 blacklist mask for values of netmask > 8

From: Brad House via c-ares <>
Date: Wed, 20 Dec 2017 12:53:12 -0500

Yep, original was definitely broken, major brainfart there on my part, can't even
see what I was thinking, at a minimum the %8 was in the wrong place.

I've merged that PR, if you want to submit one to make that same exclusion apply
to all systems, I don't see why that wouldn't be allowed since those addresses
definitely shouldn't be legitimate.

-Brad House

On 12/20/2017 12:15 PM, Brad Spencer wrote:
> I've posted a pull request on GitHub to fix how the ares_ipv6_subnet_matches() function computes its netmask.
> (I've posted this notice to the mailing list as suggested by the GitHub c-ares contribution guidelines.)
> Upstream c-ares PR #144 attempts to filter out certain blacklisted IPv6 DNS resolver addresses from those returned by Windows.
> The ares_ipv6_subnet_matches function computes the full netmask from a bit count argument via a loop. However, this loop gives the wrong answer when mask > 8. It needn't even be a loop. This PR fixes the code so it should compute the right netmask for all values from 0 to 128.
> BTW, I discovered that the same bad IPv6 resolver addresses ("fec0::") can also appear in Android simulators. Perhaps these addresses should be generally blacklisted for all operating systems?
Received on 2017-12-20