From 52b1872a45be6e799bb7124ee5201a187319487c Mon Sep 17 00:00:00 2001
From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Date: Mon, 17 Jun 2013 21:23:12 +0200
Subject: nat: xml: fix crash during parsing if non-mandatory element is not
 present

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/expr/nat.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/expr')

diff --git a/src/expr/nat.c b/src/expr/nat.c
index 6ccdd13..7c4cf37 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -268,7 +268,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_addr_min_v4>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_addr_min_v4", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
 			mxmlDelete(tree);
@@ -282,7 +282,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_addr_max_v4>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_addr_max_v4", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
 			mxmlDelete(tree);
@@ -296,7 +296,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_proto_min>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_proto_min", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
 			mxmlDelete(tree);
@@ -310,7 +310,7 @@ static int nft_rule_expr_nat_xml_parse(struct nft_rule_expr *e, char *xml)
 	/* Get and set <sreg_proto_max>. Not mandatory */
 	node = mxmlFindElement(tree, tree, "sreg_proto_max", NULL, NULL,
 			       MXML_DESCEND);
-	if (node == NULL) {
+	if (node != NULL) {
 		tmp = strtoull(node->child->value.opaque, &endptr, 10);
 		if (tmp > UINT32_MAX || tmp < 0 || *endptr) {
 			mxmlDelete(tree);
-- 
cgit v1.2.3