conntrackd: incorrect filtering of Address with cidr /0

Set an all zero mask when cidr /0 is specified. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-09-20 15:06:49 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-09-30 18:23:17 +0200
commit: ba0e17fb5224489a805db70774271f5d63e2ab96 (patch)
tree: a68856584bfc82418279d0c1ed02933c29dd0fdc /src/cidr.c
parent: fd31364ba44ee57274faaac53b895bcc717f77c9 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/src/cidr.c b/src/cidr.c
index 91025b6..6ef85c7 100644
--- a/src/cidr.c
+++ b/src/cidr.c
@@ -24,6 +24,9 @@
 /* returns the netmask in host byte order */
 uint32_t ipv4_cidr2mask_host(uint8_t cidr)
 {
+	if (cidr == 0)
+		return 0;
+
 	return 0xFFFFFFFF << (32 - cidr);
 }
 
@@ -42,10 +45,13 @@ void ipv6_cidr2mask_host(uint8_t cidr, uint32_t *res)
 		res[i] = 0xFFFFFFFF;
 		cidr -= 32;
 	}
-	res[i] = 0xFFFFFFFF << (32 - cidr);
-	for (j = i+1; j < 4; j++) {
+	if (cidr == 0)
+		res[i] = 0;
+	else
+		res[i] = 0xFFFFFFFF << (32 - cidr);
+
+	for (j = i + 1; j < 4; j++)
 		res[j] = 0;
-	}
 }
 
 void ipv6_cidr2mask_net(uint8_t cidr, uint32_t *res)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-09-20 15:06:49 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-09-30 18:23:17 +0200
commit	ba0e17fb5224489a805db70774271f5d63e2ab96 (patch)
tree	a68856584bfc82418279d0c1ed02933c29dd0fdc /src/cidr.c
parent	fd31364ba44ee57274faaac53b895bcc717f77c9 (diff)