Message ID | 20240508170422.1396740-1-cgoettsche@seltendoof.de (mailing list archive) |
---|---|
State | New |
Delegated to: | Petr Lautrbach |
Series | [1/2] checkpolicy: perform contiguous check in host byte order |
On Wed, May 8, 2024 at 1:04 PM Christian Göttsche <cgoettsche@seltendoof.de> wrote: > > From: Christian Göttsche <cgzones@googlemail.com> > > The contiguous check for network masks requires host byte order on the > underlying integers. > Convert from network byte order to avoid wrong warnings. > > Fixes: 01b88ac3 ("checkpolicy: warn on bogus IP address or netmask in nodecon statement") > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> For these two patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > checkpolicy/policy_define.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > index aa2ac2e6..9671906f 100644 > --- a/checkpolicy/policy_define.c > +++ b/checkpolicy/policy_define.c > @@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void) > > free(id); > > - if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) { > + if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) { > yywarn("ipv4 mask is not contiguous"); > } > > -- > 2.43.0 > >
On Wed, May 15, 2024 at 4:16 PM James Carter <jwcart2@gmail.com> wrote: > > On Wed, May 8, 2024 at 1:04 PM Christian Göttsche > <cgoettsche@seltendoof.de> wrote: > > > > From: Christian Göttsche <cgzones@googlemail.com> > > > > The contiguous check for network masks requires host byte order on the > > underlying integers. > > Convert from network byte order to avoid wrong warnings. > > > > Fixes: 01b88ac3 ("checkpolicy: warn on bogus IP address or netmask in nodecon statement") > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > For these two patches: > Acked-by: James Carter <jwcart2@gmail.com> > These two patches have been merged. Thanks, Jim > > --- > > checkpolicy/policy_define.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > > index aa2ac2e6..9671906f 100644 > > --- a/checkpolicy/policy_define.c > > +++ b/checkpolicy/policy_define.c > > @@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void) > > > > free(id); > > > > - if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) { > > + if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) { > > yywarn("ipv4 mask is not contiguous"); > > } > > > > -- > > 2.43.0 > > > >
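Why the contiguity test depends on byte order, as an added example that is not part of the patch or of checkpolicy: it applies the same bit trick to a netmask read without conversion (modelled for a little-endian host) and to the value `be32toh()` yields. The names `trick_contiguous` and `mask_check` and the sample masks are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* For m = 1..10..0, ~m = 0..01..1, so ~m + 1 is a single bit above those
 * ones (or wraps to 0) and shares no bit with ~m. */
static int trick_contiguous(uint32_t m)
{
	return m == 0 || ((~m + 1) & ~m) == 0;
}

/* Returns 1 if the check accepts the mask, 0 if it would warn, -1 on a
 * parse error. convert=0 models the unconverted read of s_addr on a
 * little-endian host; convert=1 is the value be32toh() yields on any host. */
int mask_check(const char *s, int convert)
{
	struct in_addr a;
	uint8_t b[4];
	uint32_t m;

	if (inet_pton(AF_INET, s, &a) != 1)
		return -1;
	memcpy(b, &a.s_addr, sizeof(b));	/* b[0] is the first wire byte */
	m = convert ? ((uint32_t)b[0] << 24 | b[1] << 16 | b[2] << 8 | b[3])
		    : ((uint32_t)b[3] << 24 | b[2] << 16 | b[1] << 8 | b[0]);
	return trick_contiguous(m);
}

int main(void)
{
	/* Constructed sample masks: two valid, two non-contiguous. */
	const char *masks[] = { "255.255.255.0", "255.255.240.0",
				"255.0.255.0", "0.255.255.255" };

	for (size_t i = 0; i < sizeof(masks) / sizeof(masks[0]); i++)
		printf("%-15s unconverted(LE)=%d host-order=%d\n", masks[i],
		       mask_check(masks[i], 0), mask_check(masks[i], 1));
	return 0;
}
```

Without the conversion, valid masks such as 255.255.255.0 are reported as non-contiguous, and 0.255.255.255 is accepted.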
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index aa2ac2e6..9671906f 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void) free(id); - if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) { + if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) { yywarn("ipv4 mask is not contiguous"); }
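Review bot: In the changed condition in define_ipv4_node_context(), be32toh(mask.s_addr) is written out twice, which makes the bit trick harder to read and leaves room for a later edit to convert only one of the two operands; consider converting once into a local uint32_t just before the if and testing that value. The diffstat shows a single changed line, so no include is added by this patch: the call relies on policy_define.c already seeing a declaration of be32toh, which is worth confirming for non-glibc builds, or ntohl() could be used as the POSIX equivalent. A one-line comment stating why ((~m + 1) & ~m) != 0 means the mask is not contiguous, and that it assumes host byte order, would keep this from regressing.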