author | Phil Oester <kernel@linuxace.com> | 2013-09-26 09:06:58 -0700 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-27 16:28:51 +0200 |
commit | 03e227017cca4f6d62a434bbaacf07e2869775b9 (patch) | |
tree | 4461527f6a948fd22f6b130623b4b5b9d076f657 /libxtables/xtables.c | |
parent | f70e1d675ae70f607e28ea07d8e024ccf283374a (diff) |
libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
As pointed out by Peter Hoelsken, rules created with non-standard
masks such as 0.255.0.0, 0.0.255.0, etc. are displayed when output
with iptables -L in CIDR notation as -1. This is because the cidr
variable in xtables_ipmask_to_numeric is unsigned, and the return
value of -1 from xtables_ipmask_to_cidr is therefore converted to
UINT_MAX. Add a cast to work around the issue.
This closes netfilter bugzilla #854.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'libxtables/xtables.c')
-rw-r--r-- | libxtables/xtables.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c index ef5bc072..8437baf8 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -1243,7 +1243,7 @@ const char *xtables_ipmask_to_numeric(const struct in_addr *mask) uint32_t cidr; cidr = xtables_ipmask_to_cidr(mask); - if (cidr < 0) { + if (cidr == (unsigned int)-1) { /* mask was not a decent combination of 1's and 0's */ sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask)); return buf; |
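Review bot: `uint32_t cidr;` still stores the -1 failure value that the commit message says xtables_ipmask_to_cidr returns, and the new test `if (cidr == (unsigned int)-1) {` only matches it through a cast whose type name differs from the variable's declared type. Declaring `cidr` as `int` and keeping the original `if (cidr < 0) {` would make the error path work without any cast and would stop hiding the signed-to-unsigned conversion at the assignment. If the unsigned declaration has to stay, compare against `(uint32_t)-1` or `UINT32_MAX` so the sentinel matches the type of `cidr`, and extend the existing comment to say that -1 is the failure return being checked. The removed line is also a reminder that a `< 0` test on an unsigned value is always false, which `-Wtype-limits` in GCC reports, so enabling that warning for this file would catch a recurrence.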