Yep, original was definitely broken, major brainfart there on my part, can't even
see what I was thinking, at a minimum the %8 was in the wrong place.
I've merged that PR, if you want to submit one to make that same exclusion apply
to all systems, I don't see why that wouldn't be allowed since those addresses
definitely shouldn't be legitimate.
-Brad House
On 12/20/2017 12:15 PM, Brad Spencer wrote:
> I've posted a pull request on GitHub to fix how the ares_ipv6_subnet_matches() function computes its netmask.
> (I've posted this notice to the mailing list as suggested by the GitHub c-ares contribution guidelines.)
>
> https://github.com/c-ares/c-ares/pull/164
>
> Upstream c-ares PR #144 attempts to filter out certain blacklisted IPv6 DNS resolver addresses from those returned by Windows.
>
> The ares_ipv6_subnet_matches function computes the full netmask from a bit count argument via a loop. However, this loop gives the wrong answer when mask > 8. It needn't even be a loop. This PR fixes the code so it should compute the right netmask for all values from 0 to 128.
>
> BTW, I discovered that the same bad IPv6 resolver addresses ("fec0::") can also appear in Android simulators. Perhaps these addresses should be generally blacklisted for all operating systems?
>
Received on 2017-12-20
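The netmask computation discussed in this thread, as an added example that is not part of the original messages and is not the c-ares code: it expands a prefix length of 0 to 128 into a 16-byte mask without looping over bits, then uses the mask to test an address against a subnet. The function names, the sample addresses and the /10 length used for fec0:: are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the c-ares function): expand a prefix length
 * (0..128) into a 16-byte IPv6 netmask without looping over bits. */
static int ipv6_build_netmask(unsigned char mask[16], unsigned prefix_len)
{
    unsigned full = prefix_len / 8;   /* bytes that are entirely 1s */
    unsigned rem  = prefix_len % 8;   /* leading 1 bits in the next byte */

    if (prefix_len > 128)
        return -1;
    memset(mask, 0, 16);
    memset(mask, 0xff, full);
    if (rem)                          /* rem != 0 implies full <= 15 */
        mask[full] = (unsigned char)(0xff << (8 - rem));
    return 0;
}

/* Returns 1 if addr lies inside subnet/prefix_len, 0 if not, -1 on bad length. */
static int ipv6_prefix_matches(const unsigned char addr[16],
                               const unsigned char subnet[16],
                               unsigned prefix_len)
{
    unsigned char mask[16];
    int i;

    if (ipv6_build_netmask(mask, prefix_len) != 0)
        return -1;
    for (i = 0; i < 16; i++)
        if ((addr[i] & mask[i]) != (subnet[i] & mask[i]))
            return 0;
    return 1;
}

/* Constructed sample data; the /10 length for fec0:: is an assumption. */
static const unsigned char SITE_LOCAL[16] = { 0xfe, 0xc0 };
static const unsigned char RESOLVER_A[16] = { 0xfe, 0xc0, 0,0,0,0, 0xff,0xff, 0,0,0,0,0,0,0, 1 };
static const unsigned char RESOLVER_B[16] = { 0x20, 0x01, 0x0d, 0xb8, 0,0,0,0, 0,0,0,0,0,0,0, 1 };

int main(void)
{
    printf("fec0:0:0:ffff::1 in fec0::/10 -> %d\n", ipv6_prefix_matches(RESOLVER_A, SITE_LOCAL, 10));
    printf("2001:db8::1      in fec0::/10 -> %d\n", ipv6_prefix_matches(RESOLVER_B, SITE_LOCAL, 10));
    return 0;
}
```

Prefix lengths above 8 are the case the thread is about: with a /10 the second byte of the mask must be 0xc0, which is what separates fec0:: from fe80::.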