author | 2022-05-20 10:22:30 +0530 | |
---|---|---|
committer | 2022-05-20 06:52:30 +0200 | |
commit | 71f68a3363f5886bcd0614074b5bec4655e33b5f (patch) | |
tree | a4b94304fb2f1719187a7c30f150ba378cd41ed8 /plugin/acl/acl.go | |
parent | d594d613415ae25288f8216980d7578194f64e27 (diff) | |
Fixing issue #5376 by adding a check to parse out Zone info (#5387)
* Fixing #5376 by adding a check to parse out Zone information
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using IndexByte instead of strings.Split()
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using plugin logger for logging parsing failure
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* using var keyword instead of short declaration operator
Signed-off-by: Tintin <samrath.sodi@gmail.com>
* reordering imports
Signed-off-by: Tintin <samrath.sodi@gmail.com>
Diffstat (limited to 'plugin/acl/acl.go')
-rw-r--r-- | plugin/acl/acl.go | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/plugin/acl/acl.go b/plugin/acl/acl.go
index e684dc42c..9a7a8077d 100644
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -3,9 +3,11 @@ package acl
 import (
 "context"
 "net"
+ "strings"
 "github.com/coredns/coredns/plugin"
 "github.com/coredns/coredns/plugin/metrics"
+ clog "github.com/coredns/coredns/plugin/pkg/log"
 "github.com/coredns/coredns/request"
 "github.com/infobloxopen/go-trees/iptree"
@@ -49,6 +51,8 @@ const (
 actionFilter
 )
+var log = clog.NewWithPlugin("acl")
+
 // ServeDNS implements the plugin.Handler interface.
 func (a ACL) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
 state := request.Request{W: w, Req: r}
@@ -96,7 +100,19 @@ RulesCheckLoop:
 func matchWithPolicies(policies []policy, w dns.ResponseWriter, r *dns.Msg) action {
 state := request.Request{W: w, Req: r}
- ip := net.ParseIP(state.IP())
+ var ip net.IP
+ if idx := strings.IndexByte(state.IP(), '%'); idx >= 0 {
+ ip = net.ParseIP(state.IP()[:idx])
+ } else {
+ ip = net.ParseIP(state.IP())
+ }
+
+ // if the parsing did not return a proper response then we simply return 'actionBlock' to
+ // block the query
+ if ip == nil {
+ log.Errorf("Blocking request. Unable to parse source address: %v", state.IP())
+ return actionBlock
+ }
 qtype := state.QType()
 for _, policy := range policies {
 // dns.TypeNone matches all query types. |
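Review bot: The zone suffix is dropped silently in matchWithPolicies: everything after `%` is cut before `net.ParseIP`, so a scoped source address is presumably matched against the rules by its bare address, whichever interface it arrived on, and nothing in the new lines says this is intended. I would state it above the `strings.IndexByte` check, e.g. `// The zone (the part after '%') is discarded: rules match the bare address, regardless of interface.` Returning `actionBlock` for an unparseable address is the right fail-closed default for an ACL, but its comment would read better as `// Fail closed: a source address that cannot be parsed cannot be matched against any rule.` `state.IP()` is also evaluated up to three times here; a local `addr := state.IP()` would keep the parse and the log line on the same value. The body of matchWithPolicies continues past the end of the hunk.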