From 23ae0a9838308706167484ef09a6ffe481953369 Mon Sep 17 00:00:00 2001
From: "Alexander V. Buev" <san@zzz.spb.ru>
Date: Tue, 17 Oct 2023 18:35:42 +0300
Subject: [PATCH] fix ipset wrong behavior

  Issue description:

    If local zone directive is assigned as following:

      "local-zone domain.com ipset"

    then any answers for query with names such as
    "anytext1domain.com" or "example2domain.com"
    will be added to ipset.

  This commit fixes this issue.
---
 ipset/ipset.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipset/ipset.c b/ipset/ipset.c
index c61ebc205..af55de8d6 100644
--- a/ipset/ipset.c
+++ b/ipset/ipset.c
@@ -158,10 +158,10 @@ ipset_check_zones_for_rrset(struct module_env *env, struct ipset_env *ie,
 		qs = NULL;
 		plen = strlen(p->str);
 
-		if (dlen >= plen) {
+		if (dlen == plen || (dlen > plen && dname[dlen - plen - 1] == '.' )) {
 			ds = dname + (dlen - plen);
 		}
-		if (qlen >= plen) {
+		if (qlen == plen || (qlen > plen && qname[qlen - plen - 1] == '.' )) {
 			qs = qname + (qlen - plen);
 		}
 		if ((ds && strncasecmp(p->str, ds, plen) == 0)