From 5a7bfa4c830ab7263c40432fbd9223ee44dc69f3 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Wed, 14 Aug 2013 16:07:49 +0200 Subject: Validate the set family and not the set type family at swapping. Bug reported by Quentin Armitage, netfilter bugzilla id #843. --- kernel/net/netfilter/ipset/ip_set_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kernel') diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 0329dae..4c95bb8 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -1058,7 +1058,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, * Not an artifical restriction anymore, as we must prevent * possible loops created by swapping in setlist type of sets. */ if (!(from->type->features == to->type->features && - from->type->family == to->type->family)) + from->family == to->family)) return -IPSET_ERR_TYPE_MISMATCH; strncpy(from_name, from->name, IPSET_MAXNAMELEN); -- cgit v1.2.3