nft: Fix for comparing ifname matches against nft-generated ones
authorPhil Sutter <phil@nwl.cc>
Thu, 1 Dec 2022 12:09:48 +0000 (13:09 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 2 Dec 2022 00:47:32 +0000 (01:47 +0100)
Since nft adds the interface name as a fixed-size string of 16 bytes,
filling a mask based on the length value will not match the mask that
nft set.

Fixes: 652b98e793711 ("xtables-compat: fix wildcard detection")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-shared.c

index f1503b6ce0cbc16e9c1ff481007e97e2e2ac06cf..03e13fdcb716ea047004bace3cd41f8882fd7c5f 100644 (file)
@@ -279,7 +279,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned
        memcpy(dst, name, len);
        if (name[len - 1] == '\0') {
                if (mask)
-                       memset(mask, 0xff, len);
+                       memset(mask, 0xff, strlen(name) + 1);
                return;
        }
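Review bot: The new `memset(mask, 0xff, strlen(name) + 1)` needs a comment saying why it deliberately ignores `len`, otherwise a later reader may take it for a slip and restore the old length. A line above the memset such as `/* nft pads the name to a fixed 16 bytes, so mask the string and its NUL, not len */` would do. The write stays within the previous bound, because the `name[len - 1] == '\0'` test two lines up guarantees `strlen(name) + 1 <= len`. Whether `len` is checked against the sizes of `dst` and `mask` before the `memcpy` is not visible here, since the body of parse_ifname starts and ends outside the hunk; that is worth confirming in the callers.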