On Wed, May 15, 2024 at 4:16 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, May 8, 2024 at 1:04 PM Christian Göttsche
> <cgoettsche@xxxxxxxxxxxxx> wrote:
> >
> > From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> >
> > The contiguous check for network masks requires host byte order on the
> > underlying integers.
> > Convert from network byte order to avoid wrong warnings.
> >
> > Fixes: 01b88ac3 ("checkpolicy: warn on bogus IP address or netmask in nodecon statement")
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> For these two patches:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
These two patches have been merged.
Thanks,
Jim
> > ---
> > checkpolicy/policy_define.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> > index aa2ac2e6..9671906f 100644
> > --- a/checkpolicy/policy_define.c
> > +++ b/checkpolicy/policy_define.c
> > @@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void)
> >
> > free(id);
> >
> > - if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) {
> > + if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) {
> > yywarn("ipv4 mask is not contiguous");
> > }
> >
> > --
> > 2.43.0
> >
> >
