libxt_connlimit: initialize v6_mask

When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the
code uses a left shift on v6_mask[n]. This requires v6_mask to be
filled with all one-bits beforehand, but this initialization was not
done.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=597
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_connlimit.c b/extensions/libxt_connlimit.c
index f001a2e4947470366563bea79708ae8e1d401f82..403e7e6f9470610b22890a492ba1b733cefd0282 100644 (file)
--- a/extensions/libxt_connlimit.c
+++ b/extensions/libxt_connlimit.c
@@ -26,7 +26,9 @@ static const struct option connlimit_opts[] = {
 static void connlimit_init(struct xt_entry_match *match)
 {
        struct xt_connlimit_info *info = (void *)match->data;
-       info->v4_mask = 0xFFFFFFFFUL;
+
+       /* This will also initialize the v4 mask correctly */
+       memset(info->v6_mask, 0xFF, sizeof(info->v6_mask));
 }
 
 static void prefix_to_netmask(u_int32_t *mask, unsigned int prefix_len)