Merge pull request nextcloud#14149 from nextcloud/fix/throttler_bitmask

Fix the thorrtler whitelist bitmask

Author: rullzer

lib/private/Security/Bruteforce/Throttler.php

@@ -177,8 +177,10 @@ private function isIPWhitelisted($ip) {
 				$part = ord($addr[(int)($i/8)]);
 				$orig = ord($ip[(int)($i/8)]);
 
-				$part = $part & (15 << (1 - ($i % 2)));
-				$orig = $orig & (15 << (1 - ($i % 2)));
+				$bitmask = 1 << (7 - ($i % 8));
+
+				$part = $part & $bitmask;
+				$orig = $orig & $bitmask;
 
 				if ($part !== $orig) {
 					$valid = false;

tests/lib/Security/Bruteforce/ThrottlerTest.php

@@ -100,6 +100,27 @@ public function dataIsIPWhitelisted() {
 				],
 				true,
 			],
+			[
+				'10.10.10.10',
+				[
+					'whitelist_0' => '10.10.10.11/31',
+				],
+				true,
+			],
+			[
+				'10.10.10.10',
+				[
+					'whitelist_0' => '10.10.10.9/31',
+				],
+				false,
+			],
+			[
+				'10.10.10.10',
+				[
+					'whitelist_0' => '10.10.10.15/29',
+				],
+				true,
+			],
 			[
 				'dead:beef:cafe::1',
 				[
@@ -127,6 +148,14 @@ public function dataIsIPWhitelisted() {
 				],
 				true,
 			],
+			[
+				'dead:beef:cafe::1111',
+				[
+					'whitelist_0' => 'dead:beef:cafe::1100/123',
+					
+				],
+				true,
+			],
 			[
 				'invalid',
 				[],