X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=utils.c;h=875a141cc44fa2e2efb51ca8f3da673d77a5b1d6;hp=d8a881c7552369150aa8da2c80bd68175301d765;hb=6039c7f4b0052c4da21520cdd604f04a5a67f50d;hpb=2807cc26b8e46eef5f23c06534a853dd48183331

diff --git a/utils.c b/utils.c
index d8a881c..875a141 100644
--- a/utils.c
+++ b/utils.c
@@ -1,7 +1,7 @@
 /*
  * firewall3 - 3rd OpenWrt UCI firewall implementation
  *
- *   Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ *   Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -463,11 +463,6 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 	uci_set(ctx, &ptr);
 
 	ptr.o      = NULL;
-	ptr.option = "conntrack";
-	ptr.value  = z->conntrack ? "1" : "0";
-	uci_set(ctx, &ptr);
-
-	ptr.o      = NULL;
 	ptr.option = "mtu_fix";
 	ptr.value  = z->mtu_fix ? "1" : "0";
 	uci_set(ctx, &ptr);
@@ -490,18 +485,21 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 
 	fw3_foreach(dev, &z->devices)
 	{
+		char *ep;
+
 		if (!dev)
 			continue;
 
 		p = buf;
+		ep = buf + sizeof(buf);
 
 		if (dev->invert)
-			p += sprintf(p, "!");
+			p += snprintf(p, ep - p, "!");
 
 		if (*dev->network)
-			p += sprintf(p, "%s@%s", dev->name, dev->network);
+			p += snprintf(p, ep - p, "%s@%s", dev->name, dev->network);
 		else
-			p += sprintf(p, "%s", dev->name);
+			p += snprintf(p, ep - p, "%s", dev->name);
 
 		ptr.value = buf;
 		uci_add_list(ctx, &ptr);
@@ -529,7 +527,7 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 
 		for (ifa = ifaddr; ifa; ifa = ifa->ifa_next)
 		{
-			if (strcmp(dev->name, ifa->ifa_name))
+			if (!ifa->ifa_addr || strcmp(dev->name, ifa->ifa_name))
 				continue;
 
 			if (ifa->ifa_addr->sa_family == AF_INET)
@@ -774,6 +772,7 @@ bool
 fw3_bitlen2netmask(int family, int bits, void *mask)
 {
 	int i;
+	uint8_t rem, b;
 	struct in_addr *v4;
 	struct in6_addr *v6;
 
@@ -783,14 +782,17 @@ fw3_bitlen2netmask(int family, int bits, void *mask)
 			return false;
 
 		v6 = mask;
-		i = abs(bits);
+		rem = abs(bits);
 
-		memset(v6->s6_addr, 0xff, i / 8);
-		memset(v6->s6_addr + (i / 8) + 1, 0, (128 - i) / 8);
-		v6->s6_addr[i / 8] = 0xff << (8 - (i & 7));
+		for (i = 0; i < sizeof(v6->s6_addr); i++)
+		{
+			b = (rem > 8) ? 8 : rem;
+			v6->s6_addr[i] = (uint8_t)(0xFF << (8 - b));
+			rem -= b;
+		}
 
 		if (bits < 0)
-			for (i = 0; i < 16; i++)
+			for (i = 0; i < sizeof(v6->s6_addr); i++)
 				v6->s6_addr[i] = ~v6->s6_addr[i];
 	}
 	else
@@ -799,7 +801,7 @@ fw3_bitlen2netmask(int family, int bits, void *mask)
 			return false;
 
 		v4 = mask;
-		v4->s_addr = htonl(~((1 << (32 - abs(bits))) - 1));
+		v4->s_addr = bits ? htonl(~((1 << (32 - abs(bits))) - 1)) : 0;
 
 		if (bits < 0)
 			v4->s_addr = ~v4->s_addr;
@@ -852,7 +854,7 @@ fw3_flush_conntrack(void *state)
 			{
 				for (ifa = ifaddr; ifa && !found; ifa = ifa->ifa_next)
 				{
-					if (strcmp(dev->name, ifa->ifa_name))
+					if (!ifa->ifa_addr || strcmp(dev->name, ifa->ifa_name))
 						continue;
 
 					sin = (struct sockaddr_in *)ifa->ifa_addr;