Inconsistent IPNetwork.Contains behavior for prefixes which are not at start of subnet range.

[pavel12345]

Describe the bug

In AspNetCore/src/Middleware/HttpOverrides/src/IPNetwork.cs

The code below assumes that the prefix will have all bits in position > mask length set to 0. I do not believe that this a requirement for CIDR notation. If it is, it is not applied consistently since the routine will break if the mask is == 0 at a given byte.

        for (int i = 0; i < PrefixBytes.Length && Mask[i] != 0; i++)
        {
            if (PrefixBytes[i] != (addressBytes[i] & Mask[i]))
            {
                return false;
            }
        }

To Reproduce

Create instance with Prefix/Prefix Length 192.168.0.1/31.
Contains returns false for 192.168.0.0.

Expected behavior

Expectation is that 192.168.0.1/31 would match 192.168.0.0

[Tratcher]

Hmm, CreateMask should already be dealing with this:
https://github.com/aspnet/AspNetCore/blob/402394347d5a9b3add7decf52af85cbb4e7866b3/src/Middleware/HttpOverrides/src/IPNetwork.cs#L48

[fvoronin]

The problem that, because here

aspnetcore/src/Middleware/HttpOverrides/src/IPNetwork.cs

Lines 45 to 62 in ce2e3bc

	public bool Contains(IPAddress address)
	{
	if (Prefix.AddressFamily != address.AddressFamily)
	{
	return false;
	}
	var addressBytes = address.GetAddressBytes();
	for (int i = 0; i < PrefixBytes.Length && Mask[i] != 0; i++)
	{
	if (PrefixBytes[i] != (addressBytes[i] & Mask[i]))
	{
	return false;
	}
	}
	return true;
	}

does not correctly determine if the host address is in the same subnet:

if (PrefixBytes[i] != (addressBytes[i] & Mask[i])) 

We need to get a subnet address for both addresses (for initial address - PrefixBytes, and for the address to be checked - addressBytes) and compare the octets of those subnet addresses.

Also I think it would be nice to add a check for the prefixLength parameter in the constructor for going beyond the range 0-32 for IPv4 and 0-128 for IPv6.