diff options
| author | Phil Sutter <phil@nwl.cc> | 2019-05-09 13:35:39 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-05-09 17:19:50 +0200 |
| commit | 6b88377e03ba6cd11bbe37241e8a0f9feb5bbac4 (patch) | |
| tree | 7fe23df206783f1ed2f4ef1776515127e2ac8ffe /src/netlink_delinearize.c | |
| parent | 993e4282a9981a4bb03b9a8952587724b08d6a50 (diff) | |
netlink: Fix printing of zero-length prefixes
When delinearizing, an all-zero mask didn't qualify as prefix. Therefore
a statement:
| ip daddr 0.0.0.0/0
would be printed as:
| ip daddr & 0.0.0.0 == 0.0.0.0
To fix this, expr_mask_is_prefix() must return true if the initial 1-bit
search fails (the given value must be zero in this case). Additionally,
a shortcut is needed in conversion algorithm of expr_mask_to_prefix()
to not turn the zero prefix into a 1 by accident.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
| -rw-r--r-- | src/netlink_delinearize.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 2c9b0a32..c018e78b 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1734,6 +1734,8 @@ static unsigned int expr_mask_to_prefix(const struct expr *expr) unsigned long n; n = mpz_scan1(expr->value, 0); + if (n == ULONG_MAX) + return 0; return mpz_scan0(expr->value, n + 1) - n; } @@ -1744,7 +1746,7 @@ static bool expr_mask_is_prefix(const struct expr *expr) n1 = mpz_scan1(expr->value, 0); if (n1 == ULONG_MAX) - return false; + return true; n2 = mpz_scan0(expr->value, n1 + 1); if (n2 < expr->len || n2 == ULONG_MAX) return false; |