evaluate: insert byte-order conversions for expressions between 9 and 15 bits

Round up expression lengths when determining whether to insert a
byte-order conversion.  For example, if one is masking a network header
which spans a byte boundary, the mask will span two bytes and so it will
need to be in NBO.

Fixes: bb03cbcd18a1 ("evaluate: no need to swap byte-order for values of fewer than 16 bits.")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index edc3c5cb04f35ffccc0f4def14fd245006c5d311..21d360493ceb47e1a5eb20b8869d6e16f34f4724 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -193,7 +193,7 @@ static int byteorder_conversion(struct eval_ctx *ctx, struct expr **expr,
                                  byteorder_names[(*expr)->byteorder]);
        }
 
-       if (expr_is_constant(*expr) || (*expr)->len / BITS_PER_BYTE < 2)
+       if (expr_is_constant(*expr) || div_round_up((*expr)->len, BITS_PER_BYTE) < 2)
                (*expr)->byteorder = byteorder;
        else {
                op = byteorder_conversion_op(*expr, byteorder);