authorkd6lvw <kd6lvw@yahoo.com>2009-06-07 14:23:00 +0200
committerJan Engelhardt <jengelh@medozas.de>2009-06-10 05:22:21 +0200
commita3726818e07d47136010f09762637a3e597329e3 (patch)
tree3f800f1c92163ae376e5ca857ed02b5ac2aa506f
parentae737f0070c9aaccb722ba342b12043fb124d9e2 (diff)
libxt_connlimit: initialize v6_mask
When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--extensions/libxt_connlimit.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index f001a2e4..403e7e6f 100644
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -26,7 +26,9 @@ static const struct option connlimit_opts[] = {
static void connlimit_init(struct xt_entry_match *match)
{
struct xt_connlimit_info *info = (void *)match->data;
- info->v4_mask = 0xFFFFFFFFUL;
+
+ /* This will also initialize the v4 mask correctly */
+ memset(info->v6_mask, 0xFF, sizeof(info->v6_mask));
}
static void prefix_to_netmask(u_int32_t *mask, unsigned int prefix_len)
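Review bot: The comment added above the memset in connlimit_init says the v4 mask is initialised as well, but it does not say why, and the removed `info->v4_mask = 0xFFFFFFFFUL;` assignment now depends entirely on that claim. Presumably v4_mask and v6_mask overlap in a union inside struct xt_connlimit_info, whose definition is outside this hunk; that should be confirmed and spelled out, for example `/* v4_mask shares storage with v6_mask[0] (union), so this also sets the /32 default */`. If the two fields were ever laid out separately, the IPv4 default would silently become whatever match->data already held, which changes how source addresses are grouped for the connection limit.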