Fix parsing error in _terms_enum API

When using an ipv6 prefix with shortened "0" entries like "23ec::", we erroneously also matched any IP4 address. This change fixes that problem. Closes elastic#94378
cbuescher · Sep 13, 2024 · fbd9430 · fbd9430
1 parent 5daa82a
commit fbd9430
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/server/src/main/java/org/elasticsearch/index/mapper/IpPrefixAutomatonUtil.java b/server/src/main/java/org/elasticsearch/index/mapper/IpPrefixAutomatonUtil.java
@@ -36,6 +36,7 @@ public class IpPrefixAutomatonUtil {
     private static final Automaton IPV4_PREFIX = Automata.makeBinary(new BytesRef(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1 }));
 
     static final Map<Integer, Automaton> INCOMPLETE_IP4_GROUP_AUTOMATON_LOOKUP = new HashMap<>();
+
     static {
         for (int c = 0; c <= 255; c++) {
             Automaton a = Automata.makeChar(c);
@@ -79,7 +80,18 @@ static CompiledAutomaton buildIpPrefixAutomaton(String ipPrefix) {
         return new CompiledAutomaton(result, null, false, 0, true);
     }
 
-    private static Automaton getIpv6Automaton(String ipPrefix) {
+    static boolean accepts(Automaton a, byte[] input) {
+        CompiledAutomaton compiledAutomaton = new CompiledAutomaton(
+            MinimizationOperations.minimize(a, Operations.DEFAULT_DETERMINIZE_WORK_LIMIT),
+            null,
+            false,
+            0,
+            true
+        );
+        return compiledAutomaton.runAutomaton.run(input, 0, input.length);
+    }
+
+    static Automaton getIpv6Automaton(String ipPrefix) {
         Automaton ipv6Automaton = EMPTY_AUTOMATON;
         List<String> ip6Groups = parseIp6Prefix(ipPrefix);
         if (ip6Groups.isEmpty() == false) {
@@ -107,7 +119,7 @@ private static Automaton getIpv6Automaton(String ipPrefix) {
                 } else {
                     // potentially partial block
                     if (groupsAdded == 0 && ONLY_ZEROS.matcher(group).matches()) {
-                        // here we have a leading group with only "0" characters. If we would allow this to match
+                        // here we have a leading group with only "0" characters. If we allowed this to match
                         // ipv6 addresses, this would include things like 0000::127.0.0.1 (and all other ipv4 addresses).
                         // Allowing this would be counterintuitive, so "0*" prefixes should only expand
                         // to ipv4 addresses like "0.1.2.3" and we return with an automaton not matching anything here
@@ -128,7 +140,7 @@ private static Automaton getIpv6Automaton(String ipPrefix) {
 
     static Automaton automatonFromIPv6Group(String ipv6Group) {
         assert ipv6Group.length() > 0 && ipv6Group.length() <= 4 : "expected a full ipv6 group or prefix";
-        Automaton result = Automata.makeString("");
+        Automaton result = null;
         for (int leadingZeros = 0; leadingZeros <= 4 - ipv6Group.length(); leadingZeros++) {
             int bytesAdded = 0;
             String padded = padWithZeros(ipv6Group, leadingZeros);
@@ -146,7 +158,12 @@ static Automaton automatonFromIPv6Group(String ipv6Group) {
             if (bytesAdded != 2) {
                 a = concatenate(a, Automata.makeCharRange(0, 255));
             }
-            result = Operations.union(result, a);
+            // TODO can we remove this?
+            if (result == null) {
+                result = a;
+            } else {
+                result = Operations.union(result, a);
+            }
         }
         return result;
     }
@@ -209,7 +226,7 @@ static Automaton createIp4Automaton(String prefix) {
         );
     }
 
-    private static String padWithZeros(String input, int leadingZeros) {
+    static String padWithZeros(String input, int leadingZeros) {
         return new StringBuilder("0".repeat(leadingZeros)).append(input).toString();
     }
 

diff --git a/server/src/test/java/org/elasticsearch/index/mapper/IpPrefixAutomatonUtilTests.java b/server/src/test/java/org/elasticsearch/index/mapper/IpPrefixAutomatonUtilTests.java
@@ -173,6 +173,12 @@ public void testBuildPrefixAutomaton() throws UnknownHostException {
             assertTrue(accepts(a, "255.27.240.24"));
             assertTrue(accepts(a, "255:a360::25bb:828f:ffff:ffff"));
         }
+        {
+            CompiledAutomaton a = buildIpPrefixAutomaton("23c9::");
+            assertTrue(accepts(a, "23c9::6063:7ac9:ffff:ffff"));
+            assertFalse(accepts(a, "0.0.0.0"));
+            assertFalse(accepts(a, "249.43.32.175"));
+        }
     }
 
     private static boolean accepts(CompiledAutomaton compiledAutomaton, String address) throws UnknownHostException {