evaluate: propagate binop_transfer() adjustment to set key size

The right shift transfer may be result in adjusting the set key size,
eg. ip6 dscp results in fetching 6 bits that are splitted between two
bytes, hence the set element ends up being 16 bytes long.

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index d69610995897677a215e4dc5f886cee1124cad32..967ad162e46e579af2b42dfb1cc13e258fe005b7 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1282,8 +1282,9 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
                if (binop_transfer(ctx, expr) < 0)
                        return -1;
 
-               map = *expr;
+               ctx->set->key->len = ctx->ectx.len;
                ctx->set = NULL;
+               map = *expr;
                map->mappings->set->flags |= map->mappings->set->init->set_flags;
                break;
        case EXPR_SYMBOL: