netfilter: nf_tables: reject NFT_SET_ELEM_INTERVAL_END flag for non-interval sets

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Patrick McHardy authored and Pablo Neira Ayuso committed Mar 22, 2015
1 parent 16c45ed commit 55df35d
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/netfilter/nf_tables_api.c
Expand Up @@ -3138,6 +3138,9 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
elem.flags = ntohl(nla_get_be32(nla[NFTA_SET_ELEM_FLAGS]));
if (elem.flags & ~NFT_SET_ELEM_INTERVAL_END)
return -EINVAL;
if (!(set->flags & NFT_SET_INTERVAL) &&
elem.flags & NFT_SET_ELEM_INTERVAL_END)
return -EINVAL;
}

if (set->flags & NFT_SET_MAP) {
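
Review bot: in the added condition, the second operand `elem.flags & NFT_SET_ELEM_INTERVAL_END` sits next to `&&` without parentheses while the first operand is fully parenthesized. C precedence makes this evaluate as intended, but wrapping the second operand as well would make that obvious at a glance and keep the two halves consistent. Separately, the commit message is a subject line only: since `elem.flags` is read from the `NFTA_SET_ELEM_FLAGS` netlink attribute, a sentence on what happens when an interval-end element reaches a set without `NFT_SET_INTERVAL` would let reviewers and backporters judge the impact of the missing check. A short comment above the new test stating that the flag is only meaningful for interval sets would serve the same purpose in the code.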