Re: PATCH: Disallow a netmask of zero unless the IP is also all zeroes

Andreas Karlsson <andreas@proxel.se>

From: Andreas Karlsson <andreas@proxel.se>
To: Tom Lane <tgl@sss.pgh.pa.us>, Greg Sabino Mullane <htamfids@gmail.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-02-14T11:41:19Z
Lists: pgsql-hackers
On 2/11/25 9:25 PM, Tom Lane wrote:
> Greg Sabino Mullane <htamfids@gmail.com> writes:
>> I say "of course" but few people (even tech ones) know the distinction.
>> (Nor should they have to! But that's for a nearby thread). This patch aims
>> to prevent this very bad footgun by only allowing a /0 if the IP consists
>> of only zeroes. It works for ipv4 and ipv6.
> 
> More generally, should we reject if the netmask causes *any* nonzero
> IP bits to be ignored?  Our CIDR type already imposes that rule:

+1 From me too. I think we should fix the general issue rather than 
special casing /0.

Andreas