diff options
author | Phil Sutter <phil@nwl.cc> | 2022-12-01 13:09:48 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-12-02 01:47:32 +0100 |
commit | f200aca7ff7b6a0edbe9024f0543b3f58111c50e (patch) | |
tree | 74239fe5363b68927f6964d259a4510d972aaa95 /iptables | |
parent | 7705b2daa3bdc1143e58a4e38224a3392ff3501a (diff) |
nft: Fix for comparing ifname matches against nft-generated ones
Since nft adds the interface name as fixed-size string of 16 bytes,
filling a mask based on the length value will not match the mask nft
set.
Fixes: 652b98e793711 ("xtables-compat: fix wildcard detection")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-shared.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index f1503b6c..03e13fdc 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -279,7 +279,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned memcpy(dst, name, len); if (name[len - 1] == '\0') { if (mask) - memset(mask, 0xff, len); + memset(mask, 0xff, strlen(name) + 1); return; } |