From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
The contiguous check for network masks requires host byte order on the
underlying integers.
Convert from network byte order to avoid wrong warnings.
Fixes: 01b88ac3 ("checkpolicy: warn on bogus IP address or netmask in nodecon statement")
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
checkpolicy/policy_define.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index aa2ac2e6..9671906f 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void)
free(id);
- if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) {
+ if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) {
yywarn("ipv4 mask is not contiguous");
}
--
2.43.0
