34 lines
1.0 KiB
Diff
34 lines
1.0 KiB
Diff
From 169d4dd39aeeb9108810e95b6eb176b50701ff7e Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Thu, 1 Dec 2022 13:09:48 +0100
|
|
Subject: [PATCH] nft: Fix for comparing ifname matches against nft-generated
|
|
ones
|
|
|
|
Since nft adds the interface name as fixed-size string of 16 bytes,
|
|
filling a mask based on the length value will not match the mask nft
|
|
set.
|
|
|
|
Fixes: 652b98e793711 ("xtables-compat: fix wildcard detection")
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
(cherry picked from commit f200aca7ff7b6a0edbe9024f0543b3f58111c50e)
|
|
---
|
|
iptables/nft-shared.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
|
|
index 075ad620250dc..14b04b24085a0 100644
|
|
--- a/iptables/nft-shared.c
|
|
+++ b/iptables/nft-shared.c
|
|
@@ -243,7 +243,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned
|
|
memcpy(dst, name, len);
|
|
if (name[len - 1] == '\0') {
|
|
if (mask)
|
|
- memset(mask, 0xff, len);
|
|
+ memset(mask, 0xff, strlen(name) + 1);
|
|
return;
|
|
}
|
|
|
|
--
|
|
2.40.0
|
|
|