netlink: Fix printing of zero-length prefixes

When delinearizing, an all-zero mask didn't qualify as prefix. Therefore
a statement:

| ip daddr 0.0.0.0/0

would be printed as:

| ip daddr & 0.0.0.0 == 0.0.0.0

To fix this, expr_mask_is_prefix() must return true if the initial 1-bit
search fails (the given value must be zero in this case). Additionally,
a shortcut is needed in conversion algorithm of expr_mask_to_prefix()
to not turn the zero prefix into a 1 by accident.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 2c9b0a32a932ed1e4856c745382429a4eb8e8226..c018e78b02925409ef0b0663ea390fe0a2e87118 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1734,6 +1734,8 @@ static unsigned int expr_mask_to_prefix(const struct expr *expr)
        unsigned long n;
 
        n = mpz_scan1(expr->value, 0);
+       if (n == ULONG_MAX)
+               return 0;
        return mpz_scan0(expr->value, n + 1) - n;
 }
 
@@ -1744,7 +1746,7 @@ static bool expr_mask_is_prefix(const struct expr *expr)
 
        n1 = mpz_scan1(expr->value, 0);
        if (n1 == ULONG_MAX)
-               return false;
+               return true;
        n2 = mpz_scan0(expr->value, n1 + 1);
        if (n2 < expr->len || n2 == ULONG_MAX)
                return false;