From bb2fef74cdc349d54958d1ba2786419f8eb218ed Mon Sep 17 00:00:00 2001 From: Costa Tsaousis Date: Sat, 4 Apr 2026 20:29:43 +0300 Subject: [PATCH] Fix IPv6 diff boundary bug and update test harnesses - Fix ipset6_diff.c: always refresh lo1/hi1 and lo2/hi2 from the array after incrementing i1/i2 at the IPV6_ADDR_MAX boundary. The previous conditional refresh (lo1 > hi1) could leave stale values from the prior iteration, producing incorrect diff results for ranges ending at the maximum IPv6 address. - Use memset for addrinfo hints in ipset_dns.c for consistency with the IPv6 DNS resolver (defensive, avoids uninitialized struct fields). - Fix sanitizer test 05 and unit test harnesses: add ipset_dns.c to the compilation and define active_family/ipv6_dropped_in_ipv4_mode globals required after the DNS extraction and IPv6 additions. --- run-unit-tests.sh | 1 + src/ipset6_diff.c | 4 ++-- src/ipset_dns.c | 3 +-- tests.sanitizers.d/05-dns-thread-create-failure/cmd.sh | 3 +++ tests.unit/combine_overflow.c | 2 ++ tests.unit/copy_overflow.c | 2 ++ tests.unit/empty_ipset_ops.c | 2 ++ tests.unit/free_all_linked_list.c | 2 ++ tests.unit/merge_overflow.c | 2 ++ tests.unit/optimize_empty_lsan.c | 2 ++ 10 files changed, 19 insertions(+), 4 deletions(-) diff --git a/run-unit-tests.sh b/run-unit-tests.sh index 92bb304..05ad357 100755 --- a/run-unit-tests.sh +++ b/run-unit-tests.sh @@ -25,6 +25,7 @@ PROJECT_SOURCES=( "$ROOT_DIR/src/ipset_common.c" "$ROOT_DIR/src/ipset_copy.c" "$ROOT_DIR/src/ipset_diff.c" + "$ROOT_DIR/src/ipset_dns.c" "$ROOT_DIR/src/ipset_exclude.c" "$ROOT_DIR/src/ipset_load.c" "$ROOT_DIR/src/ipset_merge.c" diff --git a/src/ipset6_diff.c b/src/ipset6_diff.c index 727e012..f629ae3 100644 --- a/src/ipset6_diff.c +++ b/src/ipset6_diff.c @@ -84,7 +84,7 @@ inline ipset6 *ipset6_diff(ipset6 *ips1, ipset6 *ips2) { lo2 = ips2->netaddrs[i2].addr; hi2 = ips2->netaddrs[i2].broadcast; } - if(i1 < n1 && lo1 > hi1) { + if(i1 < n1) { lo1 = ips1->netaddrs[i1].addr; hi1 = ips1->netaddrs[i1].broadcast; } @@ -97,7 +97,7 @@ inline ipset6 *ipset6_diff(ipset6 *ips1, ipset6 *ips2) { lo1 = ips1->netaddrs[i1].addr; hi1 = ips1->netaddrs[i1].broadcast; } - if(i2 < n2 && lo2 > hi2) { + if(i2 < n2) { lo2 = ips2->netaddrs[i2].addr; hi2 = ips2->netaddrs[i2].broadcast; } diff --git a/src/ipset_dns.c b/src/ipset_dns.c index 34f5ef7..2dadf65 100644 --- a/src/ipset_dns.c +++ b/src/ipset_dns.c @@ -206,10 +206,9 @@ static void *dns_thread_resolve(void *ptr) int r; struct addrinfo *result, *rp, hints; + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; hints.ai_socktype = SOCK_DGRAM; - hints.ai_flags = 0; - hints.ai_protocol = 0; r = getaddrinfo(d->hostname, "80", &hints, &result); if(r != 0) { diff --git a/tests.sanitizers.d/05-dns-thread-create-failure/cmd.sh b/tests.sanitizers.d/05-dns-thread-create-failure/cmd.sh index 8c3e8c5..20f1ae2 100755 --- a/tests.sanitizers.d/05-dns-thread-create-failure/cmd.sh +++ b/tests.sanitizers.d/05-dns-thread-create-failure/cmd.sh @@ -15,6 +15,8 @@ char *PROG = "dns-create-fail"; int debug; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine)(void *), void *arg) { (void)thread; @@ -68,6 +70,7 @@ if ! "${CC:-clang}" \ ../../src/ipset_common.c \ ../../src/ipset_copy.c \ ../../src/ipset_diff.c \ + ../../src/ipset_dns.c \ ../../src/ipset_exclude.c \ ../../src/ipset_load.c \ ../../src/ipset_merge.c \ diff --git a/tests.unit/combine_overflow.c b/tests.unit/combine_overflow.c index 1d6b61f..354217f 100644 --- a/tests.unit/combine_overflow.c +++ b/tests.unit/combine_overflow.c @@ -5,6 +5,8 @@ char *PROG = "combine_overflow"; int debug = 0; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; int main(void) { diff --git a/tests.unit/copy_overflow.c b/tests.unit/copy_overflow.c index 240d901..d3db64e 100644 --- a/tests.unit/copy_overflow.c +++ b/tests.unit/copy_overflow.c @@ -2,6 +2,8 @@ int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; char *PROG = "copy_overflow"; int debug = 0; diff --git a/tests.unit/empty_ipset_ops.c b/tests.unit/empty_ipset_ops.c index 269b0e3..1f77073 100644 --- a/tests.unit/empty_ipset_ops.c +++ b/tests.unit/empty_ipset_ops.c @@ -4,6 +4,8 @@ char *PROG = "unit-empty-ipset"; int debug; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; static ipset *make_single_ipset(const char *name, in_addr_t ip) { ipset *ips = ipset_create(name, 1); diff --git a/tests.unit/free_all_linked_list.c b/tests.unit/free_all_linked_list.c index 1333ab3..88f12ec 100644 --- a/tests.unit/free_all_linked_list.c +++ b/tests.unit/free_all_linked_list.c @@ -4,6 +4,8 @@ char *PROG = "unit-free-all"; int debug; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; int main(void) { ipset *a = ipset_create("a", 0); diff --git a/tests.unit/merge_overflow.c b/tests.unit/merge_overflow.c index e9c7e79..adc94ed 100644 --- a/tests.unit/merge_overflow.c +++ b/tests.unit/merge_overflow.c @@ -5,6 +5,8 @@ char *PROG = "merge_overflow"; int debug = 0; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; int main(void) { diff --git a/tests.unit/optimize_empty_lsan.c b/tests.unit/optimize_empty_lsan.c index 5c8f439..43cb6f0 100644 --- a/tests.unit/optimize_empty_lsan.c +++ b/tests.unit/optimize_empty_lsan.c @@ -4,6 +4,8 @@ char *PROG = "unit-optimize-empty"; int debug; int cidr_use_network = 1; int default_prefix = 32; +int active_family = 0; +unsigned long ipv6_dropped_in_ipv4_mode = 0; int main(void) { ipset *ips = ipset_create("empty", 0);