git.ipfire.org Git - thirdparty/iptables.git/commit
nft: Fix bitwise expression avoidance detection
author Phil Sutter <phil@nwl.cc>
Fri, 19 Feb 2021 15:54:57 +0000 (16:54 +0100)
committer Phil Sutter <phil@nwl.cc>
Tue, 9 Mar 2021 08:27:17 +0000 (09:27 +0100)
commit 330f5df03ad589b46865ceedf2a54cf10a4225ba
tree f1884d4455cb5934037248e920dc3525af43b361
parent 5f1fcacebf9b4529950b6e3f88327049a0ea7cd2
nft: Fix bitwise expression avoidance detection

Byte-boundary prefix detection was too sloppy: Any data following the
first zero-byte was ignored. Add a follow-up loop making sure there are
no stray bits in the designated host part.

Fixes: 323259001d617 ("nft: Optimize class-based IP prefix matches")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-shared.c
iptables/tests/shell/testcases/ip6tables/0004-address-masks_0 [new file with mode: 0755]
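
The byte-boundary prefix check described in the commit message, as an added C example that is not the code from iptables/nft-shared.c; the function names, the return convention and the sample masks are assumptions made for illustration. The constructed mask ff:ff:00:ff is accepted as a 16-bit prefix by the sloppy check and rejected once the follow-up loop is in place.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers, not iptables functions: return the count of leading
 * 0xff bytes if the mask is a byte-boundary prefix, or -1 if it is not. */

/* Sloppy: only the first non-0xff byte is checked; the rest is ignored. */
static int prefix_bytes_sloppy(const unsigned char *mask, size_t len)
{
	size_t i;

	for (i = 0; i < len; i++) {
		if (mask[i] != 0xff)
			return mask[i] == 0 ? (int)i : -1;
	}
	return (int)len;
}

/* Strict: a follow-up loop rejects stray bits in the host part. */
static int prefix_bytes_strict(const unsigned char *mask, size_t len)
{
	size_t i, j;

	for (i = 0; i < len && mask[i] == 0xff; i++)
		;
	for (j = i; j < len; j++) {
		if (mask[j] != 0)
			return -1;
	}
	return (int)i;
}

/* Constructed sample masks (IPv4-sized for brevity). */
static const unsigned char mask_prefix16[4] = { 0xff, 0xff, 0x00, 0x00 };
static const unsigned char mask_stray[4]    = { 0xff, 0xff, 0x00, 0xff };
static const unsigned char mask_partial[4]  = { 0xff, 0xf0, 0x00, 0x00 };

int main(void)
{
	const unsigned char *masks[] = { mask_prefix16, mask_stray, mask_partial };
	size_t k;

	for (k = 0; k < 3; k++)
		printf("%02x%02x%02x%02x sloppy=%d strict=%d\n",
		       masks[k][0], masks[k][1], masks[k][2], masks[k][3],
		       prefix_bytes_sloppy(masks[k], 4),
		       prefix_bytes_strict(masks[k], 4));
	return 0;
}
```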