The right shift transfer may be result in adjusting the set key size, eg. ip6 dscp results in fetching 6 bits that are splitted between two bytes, hence the set element ends up being 16 bytes long. Reported-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/evaluate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index d69610995897..967ad162e46e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1282,8 +1282,9 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) if (binop_transfer(ctx, expr) < 0) return -1; - map = *expr; + ctx->set->key->len = ctx->ectx.len; ctx->set = NULL; + map = *expr; map->mappings->set->flags |= map->mappings->set->init->set_flags; break; case EXPR_SYMBOL: -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
