From: Florian Westphal <fw@strlen.de>
Date: Mon, 28 May 2018 20:17:50 +0000 (+0200)
Subject: xtables-compat: ignore '+' interface name
X-Git-Tag: v1.8.0~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a8635183edd097916937cc7de5a29fbea9b8d2a;p=thirdparty%2Fiptables.git

xtables-compat: ignore '+' interface name

its same as omitting it, so instead of generating
invalid compare-with-0-sized-register, just ignore it.

Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 1d9554d3..b89a3e7b 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -139,9 +139,10 @@ void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
 	iface_len = strlen(iface);
 
 	add_meta(r, NFT_META_IIFNAME);
-	if (iface[iface_len - 1] == '+')
-		add_cmp_ptr(r, op, iface, iface_len - 1);
-	else
+	if (iface[iface_len - 1] == '+') {
+		if (iface_len > 1)
+			add_cmp_ptr(r, op, iface, iface_len - 1);
+	} else
 		add_cmp_ptr(r, op, iface, iface_len + 1);
 }
 
@@ -152,9 +153,10 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
 	iface_len = strlen(iface);
 
 	add_meta(r, NFT_META_OIFNAME);
-	if (iface[iface_len - 1] == '+')
-		add_cmp_ptr(r, op, iface, iface_len - 1);
-	else
+	if (iface[iface_len - 1] == '+') {
+		if (iface_len > 1)
+			add_cmp_ptr(r, op, iface, iface_len - 1);
+	} else
 		add_cmp_ptr(r, op, iface, iface_len + 1);
 }