From 2678db9d2f6f161bdbe055665e99e4a2fc844ef9 Mon Sep 17 00:00:00 2001
From: Wills Ward <wward@warddevelopment.com>
Date: Sun, 30 Mar 2025 14:59:26 -0500
Subject: [PATCH] fix IPv6 masking

---
 components/security_apps/waap/waap_clib/CidrMatch.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/components/security_apps/waap/waap_clib/CidrMatch.cc b/components/security_apps/waap/waap_clib/CidrMatch.cc
index 18b7cf0..e37a206 100755
--- a/components/security_apps/waap/waap_clib/CidrMatch.cc
+++ b/components/security_apps/waap/waap_clib/CidrMatch.cc
@@ -41,6 +41,7 @@ static in6_addr applyMaskV6(const in6_addr& addr, uint8_t prefixLength) {
     in6_addr maskedAddr = addr;
     int fullBytes = prefixLength / 8;
     int remainingBits = prefixLength % 8;
+    uint8_t partialByte = maskedAddr.s6_addr[fullBytes];
 
     // Mask full bytes
     for (int i = fullBytes; i < 16; ++i) {
@@ -50,7 +51,7 @@ static in6_addr applyMaskV6(const in6_addr& addr, uint8_t prefixLength) {
     // Mask remaining bits
     if (remainingBits > 0) {
         uint8_t mask = ~((1 << (8 - remainingBits)) - 1);
-        maskedAddr.s6_addr[fullBytes] &= mask;
+        maskedAddr.s6_addr[fullBytes] = partialByte & mask;
     }
 
     return maskedAddr;