The right shift transfer may be result in adjusting the set key size,
eg. ip6 dscp results in fetching 6 bits that are splitted between two
bytes, hence the set element ends up being 16 bytes long.

Reported-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
 src/evaluate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index d69610995897..967ad162e46e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1282,8 +1282,9 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct 
expr **expr)
                if (binop_transfer(ctx, expr) < 0)
                        return -1;
 
-               map = *expr;
+               ctx->set->key->len = ctx->ectx.len;
                ctx->set = NULL;
+               map = *expr;
                map->mappings->set->flags |= 
map->mappings->set->init->set_flags;
                break;
        case EXPR_SYMBOL:
-- 
2.11.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to