ip6tables: Fix checking existence of rule

Pass the proper entry size when creating a match mask for checking the existence of a rule. Failing to do so causes wrong results. Reported-by: Jonathan Caicedo <jonathan@jcaicedo.com> Fixes: eb2546a846776 ("xshared: Share make_delete_mask() between ip{,6}tables") Signed-off-by: Markus Boehme <markubo@amazon.com> Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Markus Boehme <markubo@amazon.com> 2023-04-03 23:13:47 +0200
committer: Phil Sutter <phil@nwl.cc> 2023-04-04 13:26:43 +0200
commit: 78850e7dba64a949c440dbdbe557f59409c6db48 (patch)
tree: faae2ef0aea08a3d328b5d2985c3a65b81b20b7f
parent: 09f0bfe2032454d21e3650e7ac75c4dc53f3c881 (diff)
download: iptables-78850e7dba64a949c440dbdbe557f59409c6db48.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c
index 345af451..9afc32c1 100644
--- a/iptables/ip6tables.c
+++ b/iptables/ip6tables.c
@@ -331,7 +331,7 @@ check_entry(const xt_chainlabel chain, struct ip6t_entry *fw,
 	int ret = 1;
 	unsigned char *mask;
 
-	mask = make_delete_mask(matches, target, sizeof(fw));
+	mask = make_delete_mask(matches, target, sizeof(*fw));
 	for (i = 0; i < nsaddrs; i++) {
 		fw->ipv6.src = saddrs[i];
 		fw->ipv6.smsk = smasks[i];
author	Markus Boehme <markubo@amazon.com>	2023-04-03 23:13:47 +0200
committer	Phil Sutter <phil@nwl.cc>	2023-04-04 13:26:43 +0200
commit	78850e7dba64a949c440dbdbe557f59409c6db48 (patch)
tree	faae2ef0aea08a3d328b5d2985c3a65b81b20b7f
parent	09f0bfe2032454d21e3650e7ac75c4dc53f3c881 (diff)
download	iptables-78850e7dba64a949c440dbdbe557f59409c6db48.tar.gz