diff options
| author | Tim Gardner <tim.gardner@canonical.com> | 2010-02-23 08:59:12 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-03-15 12:06:40 -0400 |
| commit | b4f71387a3cd3511b25613b91a415b46580448f9 (patch) | |
| tree | fe50c4248da72ae95a2ee0537920a14afd24a4f9 | |
| parent | 437ccbe9b5cb9c2df272c6ff7a55ef494c2d0d67 (diff) | |
netfilter: xt_recent: fix false match
commit 8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63 upstream.
A rule with a zero hit_count will always match.
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | net/netfilter/xt_recent.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index 1bb0d6c8438c..43e83a44224d 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c | |||
| @@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 260 | for (i = 0; i < e->nstamps; i++) { | 260 | for (i = 0; i < e->nstamps; i++) { |
| 261 | if (info->seconds && time_after(time, e->stamps[i])) | 261 | if (info->seconds && time_after(time, e->stamps[i])) |
| 262 | continue; | 262 | continue; |
| 263 | if (++hits >= info->hit_count) { | 263 | if (info->hit_count && ++hits >= info->hit_count) { |
| 264 | ret = !ret; | 264 | ret = !ret; |
| 265 | break; | 265 | break; |
| 266 | } | 266 | } |