only check Contains if IP address (#14487)

* only check Contains if IP address * fix typo * add bug fix changelog
2022-03-15 09:55:50 -06:00 · 2022-03-15 09:55:50 -06:00 · 6ae9c76970
parent dd4a3b339e
commit 6ae9c76970
2 changed files with 8 additions and 1 deletions
--- a/changelog/14487.txt
+++ b/changelog/14487.txt
@ -0,0 +1,3 @@
+```release-note:bug
+sdk/cidrutil: Only check if cidr contains remote address for IP addresses
+```
--- a/sdk/helper/cidrutil/cidr.go
+++ b/sdk/helper/cidrutil/cidr.go
@ -10,6 +10,10 @@ import (
 	sockaddr "github.com/hashicorp/go-sockaddr"
 )

+func isIPAddr(cidr sockaddr.SockAddr) bool {
+	return (cidr.Type() & sockaddr.TypeIP) != 0
+}
+
 // RemoteAddrIsOk checks if the given remote address is either:
 //   - OK because there's no CIDR whitelist
 //   - OK because it's in the CIDR whitelist
@ -24,7 +28,7 @@ func RemoteAddrIsOk(remoteAddr string, boundCIDRs []*sockaddr.SockAddrMarshaler)
 		return false
 	}
 	for _, cidr := range boundCIDRs {
-		if cidr.Contains(remoteSockAddr) {
+		if isIPAddr(cidr) && cidr.Contains(remoteSockAddr) {
 			// Whitelisted.
 			return true
 		}