authorPhil Oester <>2013-09-26 09:06:58 -0700
committerPablo Neira Ayuso <>2013-09-27 16:28:51 +0200
commit03e227017cca4f6d62a434bbaacf07e2869775b9 (patch)
tree4461527f6a948fd22f6b130623b4b5b9d076f657 /libxtables
parentf70e1d675ae70f607e28ea07d8e024ccf283374a (diff)
libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
As pointed out by Peter Hoelsken, rules created with non-standard masks such as,, etc. are displayed when output with iptables -L in CIDR notation as -1. This is because the cidr variable in xtables_ipmask_to_numeric is unsigned, and the return value of -1 from xtables_ipmask_to_cidr is therefore converted to UINT_MAX. Add a cast to work around the issue. This closes netfilter bugzilla #854. Signed-off-by: Phil Oester <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'libxtables')
1 files changed, 1 insertions, 1 deletions
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index ef5bc072..8437baf8 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -1243,7 +1243,7 @@ const char *xtables_ipmask_to_numeric(const struct in_addr *mask)
uint32_t cidr;
cidr = xtables_ipmask_to_cidr(mask);
- if (cidr < 0) {
+ if (cidr == (unsigned int)-1) {
/* mask was not a decent combination of 1's and 0's */
sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
return buf;
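Review bot: The new test `cidr == (unsigned int)-1` re-encodes the error sentinel by hand at the call site, and it only matches while `unsigned int` and `uint32_t` have the same width. Going by the commit message, xtables_ipmask_to_cidr returns a signed -1, so declaring the local as `int cidr;` and keeping `if (cidr < 0)` would state the intent directly and would catch any negative return. The function continues outside the hunk, so later uses of `cidr` that expect an unsigned value need checking before the type is changed. Separately, the unchanged `sprintf(buf, "/%s", ...)` on the context line writes without a bound into a buffer declared outside the hunk; if `buf` is an array, `snprintf(buf, sizeof(buf), "/%s", xtables_ipaddr_to_numeric(mask));` would keep the write inside it.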