netfilter: ip6t_NPT: Fix prefix mangling

Make sure only the bits that are part of the prefix are mangled. Signed-off-by: YOSHIFUJI Hideaki <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
klaby · Feb 7, 2013 · d4c38fa · d4c38fa
1 parent f5271ff
commit d4c38fa
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
@@ -51,7 +51,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
 
 		idx = i / 32;
 		addr->s6_addr32[idx] &= mask;
-		addr->s6_addr32[idx] |= npt->dst_pfx.in6.s6_addr32[idx];
+		addr->s6_addr32[idx] |= ~mask & npt->dst_pfx.in6.s6_addr32[idx];
 	}
 
 	if (pfx_len <= 48)