summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2018-05-28 22:17:50 +0200
committerFlorian Westphal <fw@strlen.de>2018-05-28 23:18:31 +0200
commit0a8635183edd097916937cc7de5a29fbea9b8d2a (patch)
treef455319b4e7151621b066b64b7b6b744ee9ecff6
parent125d1ce87b01f3973376a34c1cc13a22917eb195 (diff)
xtables-compat: ignore '+' interface name
its same as omitting it, so instead of generating invalid compare-with-0-sized-register, just ignore it. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--iptables/nft-shared.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 1d9554d3..b89a3e7b 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -139,9 +139,10 @@ void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
iface_len = strlen(iface);
add_meta(r, NFT_META_IIFNAME);
- if (iface[iface_len - 1] == '+')
- add_cmp_ptr(r, op, iface, iface_len - 1);
- else
+ if (iface[iface_len - 1] == '+') {
+ if (iface_len > 1)
+ add_cmp_ptr(r, op, iface, iface_len - 1);
+ } else
add_cmp_ptr(r, op, iface, iface_len + 1);
}
@@ -152,9 +153,10 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
iface_len = strlen(iface);
add_meta(r, NFT_META_OIFNAME);
- if (iface[iface_len - 1] == '+')
- add_cmp_ptr(r, op, iface, iface_len - 1);
- else
+ if (iface[iface_len - 1] == '+') {
+ if (iface_len > 1)
+ add_cmp_ptr(r, op, iface, iface_len - 1);
+ } else
add_cmp_ptr(r, op, iface, iface_len + 1);
}