As pointed out by Peter Hoelsken, rules created with non-standard
masks such as 0.255.0.0, 0.0.255.0, etc. are displayed when output
with iptables -L in CIDR notation as -1. This is because the cidr
variable in xtables_ipmask_to_numeric is unsigned, and the return
value of -1 from xtables_ipmask_to_cidr is therefore converted to
UINT_MAX. Add a cast to work around the issue.
This closes netfilter bugzilla #854.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
uint32_t cidr;
cidr = xtables_ipmask_to_cidr(mask);
- if (cidr < 0) {
+ if (cidr == (unsigned int)-1) {
/* mask was not a decent combination of 1's and 0's */
sprintf(buf, "/%s", xtables_ipaddr_to_numeric(mask));
return buf;
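Review bot: on the changed line `if (cidr == (unsigned int)-1) {`, the error sentinel is still being recovered from an unsigned variable, and the cast type does not match the `uint32_t cidr;` declaration two lines above, so the test is only correct where `unsigned int` is 32 bits wide. Since the commit message states that xtables_ipmask_to_cidr returns -1 for a mask that is not a contiguous run of ones, declaring `cidr` as `int` would let the original `cidr < 0` check work with no cast at all; if the variable has to stay unsigned, compare against `(uint32_t)-1` so the sentinel and the declaration agree. The existing comment could also say that -1 is the callee's error return, since that is what the branch depends on. The removed `cidr < 0` test on an unsigned value was always false, which GCC reports under -Wtype-limits, so enabling that warning for this file would catch a recurrence.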