diff --git a/source/common/network/utility.cc b/source/common/network/utility.cc index de16b7319b64..54a9569b387c 100644 --- a/source/common/network/utility.cc +++ b/source/common/network/utility.cc @@ -34,9 +34,12 @@ IpWhiteList::IpWhiteList(const Json::Object& config) { throw EnvoyException( fmt::format("invalid ipv4/mask combo '{}' (mask bits must be <= 32)", entry)); } + // "0.0.0.0/0" is a valid subnet that contains all possible IPv4 addresses, so mask can be equal to 0 Ipv4Entry white_list_entry; white_list_entry.ipv4_address_ = ntohl(addr.s_addr); + // The 1ULL below makes sure that the RHS is computed as a 64-bit value, so that we do not over-shift + // to the left when mask = 0. The assignment to ipv4_mask_ then truncates the value back to 32 bits. white_list_entry.ipv4_mask_ = ~((1ULL << (32 - mask)) - 1); // Check to make sure applying the mask to the address equals the address. This can prevent