[2.1] Fix IPNetwork.Contains for prefixes which are not at start of subnet range. (#50967)

adityamandaleeka · wtgodbe · commit 9edb469be69e · 2024-10-16T09:24:35.000-07:00
* Fix IPNetwork.Contains behavior for prefixes which are not at start of subnet range. Backport of 3d00915 to 2.1. * Update patchconfig.
diff --git a/eng/PatchConfig.props b/eng/PatchConfig.props
@@ -139,6 +139,7 @@ Later on, this will be checked using this condition:
       Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv;
       Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets;
       Microsoft.AspNetCore.SignalR.Redis;
+      Microsoft.AspNetCore.HttpOverrides;
     </PackagesInPatch>
   </PropertyGroup>
 </Project>
diff --git a/src/Middleware/HttpOverrides/src/IPNetwork.cs b/src/Middleware/HttpOverrides/src/IPNetwork.cs
@@ -1,14 +1,17 @@
 ﻿// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.Net;
+using System.Net.Sockets;
 
 namespace Microsoft.AspNetCore.HttpOverrides
 {
     public class IPNetwork
     {
         public IPNetwork(IPAddress prefix, int prefixLength)
         {
+            CheckPrefixLengthRange(prefix, prefixLength);
             Prefix = prefix;
             PrefixLength = prefixLength;
             PrefixBytes = Prefix.GetAddressBytes();
@@ -20,7 +23,7 @@ public IPNetwork(IPAddress prefix, int prefixLength)
         private byte[] PrefixBytes { get; }
 
         /// <summary>
-        /// The CIDR notation of the subnet mask 
+        /// The CIDR notation of the subnet mask
         /// </summary>
         public int PrefixLength { get; }
 
@@ -36,7 +39,7 @@ public bool Contains(IPAddress address)
             var addressBytes = address.GetAddressBytes();
             for (int i = 0; i < PrefixBytes.Length && Mask[i] != 0; i++)
             {
-                if (PrefixBytes[i] != (addressBytes[i] & Mask[i]))
+                if ((PrefixBytes[i] & Mask[i]) != (addressBytes[i] & Mask[i]))
                 {
                     return false;
                 }
@@ -63,5 +66,23 @@ private byte[] CreateMask()
 
             return mask;
         }
+
+        private static void CheckPrefixLengthRange(IPAddress prefix, int prefixLength)
+        {
+            if (prefixLength < 0)
+            {
+                throw new ArgumentOutOfRangeException(nameof(prefixLength));
+            }
+
+            if (prefix.AddressFamily == AddressFamily.InterNetwork && prefixLength > 32)
+            {
+                throw new ArgumentOutOfRangeException(nameof(prefixLength));
+            }
+
+            if (prefix.AddressFamily == AddressFamily.InterNetworkV6 && prefixLength > 128)
+            {
+                throw new ArgumentOutOfRangeException(nameof(prefixLength));
+            }
+        }
     }
 }
diff --git a/src/Middleware/HttpOverrides/test/IPNetworkTest.cs b/src/Middleware/HttpOverrides/test/IPNetworkTest.cs
@@ -12,6 +12,15 @@ public class IPNetworkTest
         [InlineData("174.0.0.0", 7, "175.1.1.10")]
         [InlineData("10.174.0.0", 15, "10.175.1.10")]
         [InlineData("10.168.0.0", 14, "10.171.1.10")]
+        [InlineData("192.168.0.1", 31, "192.168.0.0")]
+        [InlineData("192.168.0.1", 31, "192.168.0.1")]
+        [InlineData("192.168.0.1", 32, "192.168.0.1")]
+        [InlineData("192.168.1.1", 0, "0.0.0.0")]
+        [InlineData("192.168.1.1", 0, "255.255.255.255")]
+        [InlineData("2001:db8:3c4d::", 127, "2001:db8:3c4d::1")]
+        [InlineData("2001:db8:3c4d::1", 128, "2001:db8:3c4d::1")]
+        [InlineData("2001:db8:3c4d::1", 0, "::")]
+        [InlineData("2001:db8:3c4d::1", 0, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")]
         public void Contains_Positive(string prefixText, int length, string addressText)
         {
             var network = new IPNetwork(IPAddress.Parse(prefixText), length);
@@ -23,6 +32,9 @@ public void Contains_Positive(string prefixText, int length, string addressText)
         [InlineData("174.0.0.0", 7, "173.1.1.10")]
         [InlineData("10.174.0.0", 15, "10.173.1.10")]
         [InlineData("10.168.0.0", 14, "10.172.1.10")]
+        [InlineData("192.168.0.1", 31, "192.168.0.2")]
+        [InlineData("192.168.0.1", 32, "192.168.0.0")]
+        [InlineData("2001:db8:3c4d::", 127, "2001:db8:3c4d::2")]
         public void Contains_Negative(string prefixText, int length, string addressText)
         {
             var network = new IPNetwork(IPAddress.Parse(prefixText), length);
