net: prevent /32 ipv4 mask from matching all ips

Fixes: #43360

PR-URL: #43381
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Author: supriyo-biswas

src/node_sockaddr.cc

@@ -215,7 +215,7 @@ bool in_network_ipv4(
     const SocketAddress& ip,
     const SocketAddress& net,
     int prefix) {
-  uint32_t mask = ((1 << prefix) - 1) << (32 - prefix);
+  uint32_t mask = ((1ull << prefix) - 1) << (32 - prefix);
 
   const sockaddr_in* ip_in =
       reinterpret_cast<const sockaddr_in*>(ip.data());
@@ -293,7 +293,7 @@ bool in_network_ipv6_ipv4(
   if (prefix == 32)
     return compare_ipv4_ipv6(net, ip) == SocketAddress::CompareResult::SAME;
 
-  uint32_t m = ((1 << prefix) - 1) << (32 - prefix);
+  uint32_t m = ((1ull << prefix) - 1) << (32 - prefix);
 
   const sockaddr_in6* ip_in =
       reinterpret_cast<const sockaddr_in6*>(ip.data());

test/parallel/test-blocklist.js

@@ -272,3 +272,13 @@ const util = require('util');
   const ret = util.inspect(blockList, { depth: null });
   assert(ret.includes('rules: []'));
 }
+
+{
+  // Test for https://github.com/nodejs/node/issues/43360
+  const blocklist = new BlockList();
+  blocklist.addSubnet('1.1.1.1', 32, 'ipv4');
+
+  assert(blocklist.check('1.1.1.1'));
+  assert(!blocklist.check('1.1.1.2'));
+  assert(!blocklist.check('2.3.4.5'));
+}