[iptables PATCH 3/7] nft: Fix for comparing ifname matches against nft-generated ones

Since nft adds the interface name as a fixed-size string of 16 bytes,
filling a mask based on the length value will not match the mask nft
set.

Fixes: 652b98e793711 ("xtables-compat: fix wildcard detection")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 63d251986f65b..e812a9bcae466 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -279,7 +279,7 @@ static void parse_ifname(const char *name, unsigned int len, char *dst, unsigned
 	memcpy(dst, name, len);
 	if (name[len - 1] == '\0') {
 		if (mask)
-			memset(mask, 0xff, len);
+			memset(mask, 0xff, strlen(name) + 1);
 		return;
 	}
 
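Review bot: The new memset(mask, 0xff, strlen(name) + 1) in the NUL-terminated branch of parse_ifname() writes only the leading bytes of mask and leaves everything from strlen(name) + 1 up to len untouched, so the result is correct only if every caller passes in a zeroed mask buffer, which these lines do not show. Consider zeroing the mask explicitly before setting the prefix, or add a comment stating that precondition and why the length is strlen(name) + 1 rather than len (the commit message's point about nft using a fixed 16-byte name belongs next to the code). Because name[len - 1] == '\0' is checked just above, strlen(name) + 1 cannot exceed len, so the write stays within the previous bound; that check does index name[len - 1] with an unsigned len, and no guard for len == 0 is visible in this context.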
-- 
2.38.0



