Fixing issue #5376 by adding a check to parse out Zone info (#5387)

* Fixing #5376 by adding a check to parse out Zone information Signed-off-by: Tintin <samrath.sodi@gmail.com> * using IndexByte instead of strings.Split() Signed-off-by: Tintin <samrath.sodi@gmail.com> * using plugin logger for logging parsing failure Signed-off-by: Tintin <samrath.sodi@gmail.com> * using var keywork instead of short declaration operator Signed-off-by: Tintin <samrath.sodi@gmail.com> * reordering imports Signed-off-by: Tintin <samrath.sodi@gmail.com>
2025-11-01 10:43:17 -04:00 · 2022-05-20 10:22:30 +05:30
parent d594d61341
commit 71f68a3363
3 changed files with 41 additions and 3 deletions
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -3,9 +3,11 @@ package acl
 import (
 	"context"
 	"net"
+	"strings"

 	"github.com/coredns/coredns/plugin"
 	"github.com/coredns/coredns/plugin/metrics"
+	clog "github.com/coredns/coredns/plugin/pkg/log"
 	"github.com/coredns/coredns/request"

 	"github.com/infobloxopen/go-trees/iptree"
@@ -49,6 +51,8 @@ const (
 	actionFilter
 )

+var log = clog.NewWithPlugin("acl")
+
 // ServeDNS implements the plugin.Handler interface.
 func (a ACL) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
 	state := request.Request{W: w, Req: r}
@@ -96,7 +100,19 @@ RulesCheckLoop:
 func matchWithPolicies(policies []policy, w dns.ResponseWriter, r *dns.Msg) action {
 	state := request.Request{W: w, Req: r}

-	ip := net.ParseIP(state.IP())
+	var ip net.IP
+	if idx := strings.IndexByte(state.IP(), '%'); idx >= 0 {
+		ip = net.ParseIP(state.IP()[:idx])
+	} else {
+		ip = net.ParseIP(state.IP())
+	}
+
+	// if the parsing did not return a proper response then we simply return 'actionBlock' to
+	// block the query
+	if ip == nil {
+		log.Errorf("Blocking request. Unable to parse source address: %v", state.IP())
+		return actionBlock
+	}
 	qtype := state.QType()
 	for _, policy := range policies {
 		// dns.TypeNone matches all query types.