diff options
author | Florian Westphal <fw@strlen.de> | 2018-05-28 22:17:50 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-05-28 23:18:31 +0200 |
commit | 0a8635183edd097916937cc7de5a29fbea9b8d2a (patch) | |
tree | f455319b4e7151621b066b64b7b6b744ee9ecff6 /iptables/nft-shared.c | |
parent | 125d1ce87b01f3973376a34c1cc13a22917eb195 (diff) |
xtables-compat: ignore '+' interface name
its same as omitting it, so instead of generating
invalid compare-with-0-sized-register, just ignore it.
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 1d9554d3..b89a3e7b 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -139,9 +139,10 @@ void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op) iface_len = strlen(iface); add_meta(r, NFT_META_IIFNAME); - if (iface[iface_len - 1] == '+') - add_cmp_ptr(r, op, iface, iface_len - 1); - else + if (iface[iface_len - 1] == '+') { + if (iface_len > 1) + add_cmp_ptr(r, op, iface, iface_len - 1); + } else add_cmp_ptr(r, op, iface, iface_len + 1); } @@ -152,9 +153,10 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op) iface_len = strlen(iface); add_meta(r, NFT_META_OIFNAME); - if (iface[iface_len - 1] == '+') - add_cmp_ptr(r, op, iface, iface_len - 1); - else + if (iface[iface_len - 1] == '+') { + if (iface_len > 1) + add_cmp_ptr(r, op, iface, iface_len - 1); + } else add_cmp_ptr(r, op, iface, iface_len + 1); } |