checkpolicy: perform contiguous check in host byte order

The contiguous check for network masks requires host byte order on the underlying integers. Convert from network byte order to avoid wrong warnings. Fixes: 01b88ac ("checkpolicy: warn on bogus IP address or netmask in nodecon statement") Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
jwcart2 · May 24, 2024 · a1227a5 · a1227a5
1 parent ef35345
commit a1227a5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
@@ -5292,7 +5292,7 @@ int define_ipv4_node_context(void)
 
 	free(id);
 
-	if (mask.s_addr != 0 && ((~mask.s_addr + 1) & ~mask.s_addr) != 0) {
+	if (mask.s_addr != 0 && ((~be32toh(mask.s_addr) + 1) & ~be32toh(mask.s_addr)) != 0) {
 		yywarn("ipv4 mask is not contiguous");
 	}