author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-16 14:07:35 -0400 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-16 14:36:05 -0400 |
commit | 169faa2e19478b02027df04582ec7543dba1dd16 (patch) | |
tree | 252409d49a716aaff5354b87f2105aae716e014e /net | |
parent | 0f1799ba1a5db4c48b72ac2da2dc70d8c190a73d (diff) |
netfilter: ipset: Validate the set family and not the set type family at swapping
This closes netfilter bugzilla #843, reported by Quentin Armitage.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
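--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1052,7 +1052,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
 * Not an artificial restriction anymore, as we must prevent
 * possible loops created by swapping in setlist type of sets. */
 if (!(from->type->features == to->type->features &&
-from->type->family == to->type->family))
+from->family == to->family))
 return -IPSET_ERR_TYPE_MISMATCH;
 
 strncpy(from_name, from->name, IPSET_MAXNAMELEN);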
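Review bot: The comment above the check (lines 1052-1053) still justifies only the features comparison, by way of setlist loops, and does not say why the family is now read from the set instead of from its type. A later reader could easily "simplify" this back to `type->family`, presumably reopening the case where an IPv4 set and an IPv6 set of the same family-neutral type are swapped under rules that already reference them. I would extend the comment with something like `/* Compare the per-set family: a type can serve both families, so type->family cannot tell an inet set from an inet6 one. */`. The start of the comment and the rest of ip_set_swap lie outside this hunk, so the wording should be checked against the full function.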