diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-08-14 16:07:49 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-08-14 16:07:49 +0200 |
commit | 5a7bfa4c830ab7263c40432fbd9223ee44dc69f3 (patch) | |
tree | 59e92fe19e05bd14f0fbfd1e6df473a929d256e6 /kernel/net | |
parent | 40b22a6f6ab6ac2ac75627e6943f9ff3584ab3fd (diff) |
Validate the set family and not the set type family at swapping.
Bug reported by Quentin Armitage, netfilter bugzilla id #843.
Diffstat (limited to 'kernel/net')
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 0329dae..4c95bb8 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -1058,7 +1058,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, * Not an artifical restriction anymore, as we must prevent * possible loops created by swapping in setlist type of sets. */ if (!(from->type->features == to->type->features && - from->type->family == to->type->family)) + from->family == to->family)) return -IPSET_ERR_TYPE_MISMATCH; strncpy(from_name, from->name, IPSET_MAXNAMELEN); |