Prevent checking beyond lsb in a network in a remove call (#36)

yl2chen · Sep 21, 2020 · 7ff5a0e · 7ff5a0e
1 parent 64ae714
commit 7ff5a0e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/trie.go b/trie.go
@@ -284,6 +284,9 @@ func (p *prefixTrie) remove(network rnet.Network) (RangerEntry, error) {
 		}
 		return entry, nil
 	}
+	if p.targetBitPosition() < 0 {
+		return nil, nil
+	}
 	bit, err := p.targetBitFromIP(network.Number)
 	if err != nil {
 		return nil, err

diff --git a/trie_test.go b/trie_test.go
@@ -135,6 +135,16 @@ func TestPrefixTrieRemove(t *testing.T) {
 			"0.0.0.0/0 (target_pos:31:has_entry:false)",
 			"basic remove",
 		},
+		{
+			rnet.IPv4,
+			[]string{"192.168.0.1/32"},
+			[]string{"192.168.0.1/24"},
+			[]string{""},
+			[]string{"192.168.0.1/32"},
+			`0.0.0.0/0 (target_pos:31:has_entry:false)
+| 1--> 192.168.0.1/32 (target_pos:-1:has_entry:true)`,
+			"remove from ranger that contains a single ip block",
+		},
 		{
 			rnet.IPv4,
 			[]string{"1.2.3.4/32", "1.2.3.5/32"},