Skip to content

Commit

Permalink
netfilter: ipset: Validate the set family and not the set type family…
Browse files Browse the repository at this point in the history 
… at swapping

This closes netfilter bugzilla #843, reported by Quentin Armitage.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
  • Loading branch information
Jozsef Kadlecsik committed Sep 16, 2013
1 parent 0f1799b commit 169faa2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/ipset/ip_set_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1052,7 +1052,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
* Not an artificial restriction anymore, as we must prevent
* possible loops created by swapping in setlist type of sets. */
if (!(from->type->features == to->type->features &&
from->type->family == to->type->family))
from->family == to->family))
return -IPSET_ERR_TYPE_MISMATCH;

strncpy(from_name, from->name, IPSET_MAXNAMELEN);
Expand Down

0 comments on commit 169faa2

Please sign in to comment.