2 files changed, 19 insertions, 11 deletions
diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c
index 0989f29ade2..8f6014f7c88 100644
--- a/net/netfilter/xt_dccp.c
+++ b/net/netfilter/xt_dccp.c
@@ -127,9 +127,13 @@ static bool dccp_mt_check(const struct xt_mtchk_param *par)
 {
        const struct xt_dccp_info *info = par->matchinfo;
-        return !(info->flags & ~XT_DCCP_VALID_FLAGS)
+        if (info->flags & ~XT_DCCP_VALID_FLAGS)
-                && !(info->invflags & ~XT_DCCP_VALID_FLAGS)
+                return false;
-                && !(info->invflags & ~info->flags);
+        if (info->invflags & ~XT_DCCP_VALID_FLAGS)
+                return false;
+        if (info->invflags & ~info->flags)
+                return false;
+        return true;
 }
 static struct xt_match dccp_mt_reg[] __read_mostly = {
diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index 43c7e1de532..977b182dea5 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -148,14 +148,18 @@ static bool sctp_mt_check(const struct xt_mtchk_param *par)
 {
        const struct xt_sctp_info *info = par->matchinfo;
-        return !(info->flags & ~XT_SCTP_VALID_FLAGS)
+        if (info->flags & ~XT_SCTP_VALID_FLAGS)
-                && !(info->invflags & ~XT_SCTP_VALID_FLAGS)
+                return false;
-                && !(info->invflags & ~info->flags)
+        if (info->invflags & ~XT_SCTP_VALID_FLAGS)
-                && ((!(info->flags & XT_SCTP_CHUNK_TYPES)) ||
+                return false;
-                        (info->chunk_match_type &
+        if (info->invflags & ~info->flags)
-                                (SCTP_CHUNK_MATCH_ALL
+                return false;
-                                | SCTP_CHUNK_MATCH_ANY
+        if (!(info->flags & XT_SCTP_CHUNK_TYPES))
-                                | SCTP_CHUNK_MATCH_ONLY)));
+                return true;
+        if (info->chunk_match_type & (SCTP_CHUNK_MATCH_ALL |
+            SCTP_CHUNK_MATCH_ANY | SCTP_CHUNK_MATCH_ONLY))
+                return true;
+        return false;
 }
 static struct xt_match sctp_mt_reg[] __read_mostly = {

diff --git a/net/netfilter/xt_dccp.c b/net/netfilter/xt_dccp.c index 0989f29ade2..8f6014f7c88 100644 --- a/net/netfilter/xt_dccp.c +++ b/net/netfilter/xt_dccp.c
@@ -127,9 +127,13 @@ static bool dccp_mt_check(const struct xt_mtchk_param *par)
127	{	127	{
128	const struct xt_dccp_info *info = par->matchinfo;	128	const struct xt_dccp_info *info = par->matchinfo;
129		129
130	return !(info->flags & ~XT_DCCP_VALID_FLAGS)	130	if (info->flags & ~XT_DCCP_VALID_FLAGS)
131	&& !(info->invflags & ~XT_DCCP_VALID_FLAGS)	131	return false;
132	&& !(info->invflags & ~info->flags);	132	if (info->invflags & ~XT_DCCP_VALID_FLAGS)
		133	return false;
		134	if (info->invflags & ~info->flags)
		135	return false;
		136	return true;
133	}	137	}
134		138
135	static struct xt_match dccp_mt_reg[] __read_mostly = {	139	static struct xt_match dccp_mt_reg[] __read_mostly = {


diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 43c7e1de532..977b182dea5 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c
@@ -148,14 +148,18 @@ static bool sctp_mt_check(const struct xt_mtchk_param *par)
148	{	148	{
149	const struct xt_sctp_info *info = par->matchinfo;	149	const struct xt_sctp_info *info = par->matchinfo;
150		150
151	return !(info->flags & ~XT_SCTP_VALID_FLAGS)	151	if (info->flags & ~XT_SCTP_VALID_FLAGS)
152	&& !(info->invflags & ~XT_SCTP_VALID_FLAGS)	152	return false;
153	&& !(info->invflags & ~info->flags)	153	if (info->invflags & ~XT_SCTP_VALID_FLAGS)
154	&& ((!(info->flags & XT_SCTP_CHUNK_TYPES)) \|\|	154	return false;
155	(info->chunk_match_type &	155	if (info->invflags & ~info->flags)
156	(SCTP_CHUNK_MATCH_ALL	156	return false;
157	\| SCTP_CHUNK_MATCH_ANY	157	if (!(info->flags & XT_SCTP_CHUNK_TYPES))
158	\| SCTP_CHUNK_MATCH_ONLY)));	158	return true;
		159	if (info->chunk_match_type & (SCTP_CHUNK_MATCH_ALL \|
		160	SCTP_CHUNK_MATCH_ANY \| SCTP_CHUNK_MATCH_ONLY))
		161	return true;
		162	return false;
159	}	163	}
160		164
161	static struct xt_match sctp_mt_reg[] __read_mostly = {	165	static struct xt_match sctp_mt_reg[] __read_mostly = {