extensions: libebt_ip: fix tos negation

passing ->tos as uintmax_t will clear adjacent fields in the structure,
including invflags.

Fixes: 49479aa12a15 ("ebtables-compat: add 'ip' match extension")
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libebt_ip.c b/extensions/libebt_ip.c
index 2b28c615fe47ded29bbfcd53b7fee1ab0aa28060..acb9bfcdbbd9fb56e5dd1e527bcb217fd4cf3ffc 100644 (file)
--- a/extensions/libebt_ip.c
+++ b/extensions/libebt_ip.c
@@ -424,14 +424,17 @@ brip_parse(int c, char **argv, int invert, unsigned int *flags,
                               info->igmp_type, NULL);
                info->bitmask |= EBT_IP_IGMP;
                break;
-       case IP_EBT_TOS:
+       case IP_EBT_TOS: {
+               uintmax_t tosvalue;
+
                if (invert)
                        info->invflags |= EBT_IP_TOS;
-               if (!xtables_strtoul(optarg, NULL, (uintmax_t *)&info->tos,
-                                    0, 255))
+               if (!xtables_strtoul(optarg, NULL, &tosvalue, 0, 255))
                        xtables_error(PARAMETER_PROBLEM,
                                      "Problem with specified IP tos");
+               info->tos = tosvalue;
                info->bitmask |= EBT_IP_TOS;
+       }
                break;
        case IP_PROTO:
                if (invert)

diff --git a/extensions/libebt_ip.t b/extensions/libebt_ip.t
index 6f99aa56d238467804d966dbcb86cff534a1e067..87602367182a63a483b6f5d8d0ac6fcf433b57ff 100644 (file)
--- a/extensions/libebt_ip.t
+++ b/extensions/libebt_ip.t
@@ -2,6 +2,7 @@
 -p ip --ip-src ! 192.168.0.0/24 -j ACCEPT;-p IPv4 --ip-src ! 192.168.0.0/24 -j ACCEPT;OK
 -p IPv4 --ip-dst 10.0.0.1;=;OK
 -p IPv4 --ip-tos 0xFF;=;OK
+-p IPv4 --ip-tos ! 0xFF;=;OK
 -p IPv4 --ip-proto tcp --ip-dport 22;=;OK
 -p IPv4 --ip-proto udp --ip-sport 1024:65535;=;OK
 -p IPv4 --ip-proto 253;=;OK