its same as omitting it, so instead of generating
invalid compare-with-0-sized-register, just ignore it.
Reported-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
iptables/nft-shared.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 1d9554d36eeb..b89a3e7b9d31 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -139,9 +139,10 @@ void add_iniface(struct nftnl_rule *r, char *iface, uint32_t op)
iface_len = strlen(iface);
add_meta(r, NFT_META_IIFNAME);
- if (iface[iface_len - 1] == '+')
- add_cmp_ptr(r, op, iface, iface_len - 1);
- else
+ if (iface[iface_len - 1] == '+') {
+ if (iface_len > 1)
+ add_cmp_ptr(r, op, iface, iface_len - 1);
+ } else
add_cmp_ptr(r, op, iface, iface_len + 1);
}
@@ -152,9 +153,10 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
iface_len = strlen(iface);
add_meta(r, NFT_META_OIFNAME);
- if (iface[iface_len - 1] == '+')
- add_cmp_ptr(r, op, iface, iface_len - 1);
- else
+ if (iface[iface_len - 1] == '+') {
+ if (iface_len > 1)
+ add_cmp_ptr(r, op, iface, iface_len - 1);
+ } else
add_cmp_ptr(r, op, iface, iface_len + 1);
}
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
