diff mbox series

[xtables] extensions: libebt_ip: fix tos negation

Message ID 20181105104602.13903-1-fw@strlen.de
State Accepted
Delegated to: Pablo Neira
Headers show
Series [xtables] extensions: libebt_ip: fix tos negation | expand

Commit Message

Florian Westphal Nov. 5, 2018, 10:46 a.m. UTC 
passing ->tos as uintmax_t will clear adjacent fields in the structure,
including invflags.

Fixes: 49479aa12a15 ("ebtables-compat: add 'ip' match extension")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 extensions/libebt_ip.c | 9 ++++++---
 extensions/libebt_ip.t | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/extensions/libebt_ip.c b/extensions/libebt_ip.c
index 2b28c615fe47..acb9bfcdbbd9 100644
--- a/extensions/libebt_ip.c
+++ b/extensions/libebt_ip.c
@@ -424,14 +424,17 @@  brip_parse(int c, char **argv, int invert, unsigned int *flags,
 			       info->igmp_type, NULL);
 		info->bitmask |= EBT_IP_IGMP;
 		break;
-	case IP_EBT_TOS:
+	case IP_EBT_TOS: {
+		uintmax_t tosvalue;
+
 		if (invert)
 			info->invflags |= EBT_IP_TOS;
-		if (!xtables_strtoul(optarg, NULL, (uintmax_t *)&info->tos,
-				     0, 255))
+		if (!xtables_strtoul(optarg, NULL, &tosvalue, 0, 255))
 			xtables_error(PARAMETER_PROBLEM,
 				      "Problem with specified IP tos");
+		info->tos = tosvalue;
 		info->bitmask |= EBT_IP_TOS;
+	}
 		break;
 	case IP_PROTO:
 		if (invert)
diff --git a/extensions/libebt_ip.t b/extensions/libebt_ip.t
index 6f99aa56d238..87602367182a 100644
--- a/extensions/libebt_ip.t
+++ b/extensions/libebt_ip.t
@@ -2,6 +2,7 @@ 
 -p ip --ip-src ! 192.168.0.0/24 -j ACCEPT;-p IPv4 --ip-src ! 192.168.0.0/24 -j ACCEPT;OK
 -p IPv4 --ip-dst 10.0.0.1;=;OK
 -p IPv4 --ip-tos 0xFF;=;OK
+-p IPv4 --ip-tos ! 0xFF;=;OK
 -p IPv4 --ip-proto tcp --ip-dport 22;=;OK
 -p IPv4 --ip-proto udp --ip-sport 1024:65535;=;OK
 -p IPv4 --ip-proto 253;=;OK