From 6ae9c769704db770099eb7fe3c4253c3c0806909 Mon Sep 17 00:00:00 2001
From: swayne275
Date: Tue, 15 Mar 2022 09:55:50 -0600
Subject: [PATCH] only check Contains if IP address (#14487)
* only check Contains if IP address
* fix typo
* add bug fix changelog
---
 changelog/14487.txt | 3 +++
 sdk/helper/cidrutil/cidr.go | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 changelog/14487.txt
diff --git a/changelog/14487.txt b/changelog/14487.txt
new file mode 100644
index 000000000..b7e9969cc
--- /dev/null
+++ b/changelog/14487.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+sdk/cidrutil: Only check if cidr contains remote address for IP addresses
+```
\ No newline at end of file
diff --git a/sdk/helper/cidrutil/cidr.go b/sdk/helper/cidrutil/cidr.go
index 33c9a1614..7e48c2be5 100644
--- a/sdk/helper/cidrutil/cidr.go
+++ b/sdk/helper/cidrutil/cidr.go
@@ -10,6 +10,10 @@ import (
 sockaddr "github.com/hashicorp/go-sockaddr"
 )
 
+func isIPAddr(cidr sockaddr.SockAddr) bool {
+ return (cidr.Type() & sockaddr.TypeIP) != 0
+}
+
 // RemoteAddrIsOk checks if the given remote address is either:
 // - OK because there's no CIDR whitelist
 // - OK because it's in the CIDR whitelist
@@ -24,7 +28,7 @@ func RemoteAddrIsOk(remoteAddr string, boundCIDRs []*sockaddr.SockAddrMarshaler)
 return false
 }
 for _, cidr := range boundCIDRs {
- if cidr.Contains(remoteSockAddr) {
+ if isIPAddr(cidr) && cidr.Contains(remoteSockAddr) {
 // Whitelisted.
 return true
 }
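Review bot: `isIPAddr`, added in the first cidr.go hunk (`@@ -10,6 +10,10 @@`), has no doc comment, and its parameter is named `cidr` although it accepts any `sockaddr.SockAddr`. This predicate now gates an allowlist decision, so its contract should be written down, for example `// isIPAddr reports whether sa is an IPv4 or IPv6 address; any other socket type is never treated as a bound CIDR match.`. Renaming the parameter to `sa` would keep the name from implying the value is already known to be a CIDR.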
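Review bot: No test accompanies the new `isIPAddr(cidr) &&` guard in the loop of RemoteAddrIsOk (second cidr.go hunk, `@@ -24,7 +28,7 @@`); the diffstat lists only the changelog entry and cidr.go. Because this function decides whether a remote address passes a CIDR allowlist, a regression test with a non-IP bound entry (a Unix socket address, say) should pin that the entry is skipped and the result stays `false`. Skipped entries are also silent, so a list made up only of non-IP entries rejects every client with nothing to explain why; a comment on the condition such as `// Non-IP entries cannot contain an IP remote address; skip them so the check fails closed.` would record the intent. The function body begins and ends outside this hunk, so whether the type of `remoteSockAddr` is validated earlier is not visible here.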