From: Phil Sutter <phil@nwl.cc>
Date: Thu, 9 May 2019 11:35:39 +0000 (+0200)
Subject: netlink: Fix printing of zero-length prefixes
X-Git-Tag: v0.9.1~84
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b88377e03ba6cd11bbe37241e8a0f9feb5bbac4;p=thirdparty%2Fnftables.git

netlink: Fix printing of zero-length prefixes

When delinearizing, an all-zero mask didn't qualify as prefix. Therefore
a statement:

| ip daddr 0.0.0.0/0

would be printed as:

| ip daddr & 0.0.0.0 == 0.0.0.0

To fix this, expr_mask_is_prefix() must return true if the initial 1-bit
search fails (the given value must be zero in this case). Additionally,
a shortcut is needed in conversion algorithm of expr_mask_to_prefix()
to not turn the zero prefix into a 1 by accident.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 2c9b0a32..c018e78b 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1734,6 +1734,8 @@ static unsigned int expr_mask_to_prefix(const struct expr *expr)
 	unsigned long n;
 
 	n = mpz_scan1(expr->value, 0);
+	if (n == ULONG_MAX)
+		return 0;
 	return mpz_scan0(expr->value, n + 1) - n;
 }
 
@@ -1744,7 +1746,7 @@ static bool expr_mask_is_prefix(const struct expr *expr)
 
 	n1 = mpz_scan1(expr->value, 0);
 	if (n1 == ULONG_MAX)
-		return false;
+		return true;
 	n2 = mpz_scan0(expr->value, n1 + 1);
 	if (n2 < expr->len || n2 == ULONG_MAX)
 		return false;