netfilter: nft_set_hash: bogus element self comparison from deactivat…

…ion path Use the element from the loop iteration, not the same element we want to deactivate otherwise this branch always evaluates true. Fixes: 6c03ae2 ("netfilter: nft_set_hash: add non-resizable hashtable implementation") Reported-by: Florian Westphal <fw@strlen.de> Tested-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
mariux64 · Feb 27, 2019 · a01cbae · a01cbae
1 parent 3b02b0a
commit a01cbae
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
@@ -541,7 +541,7 @@ static void *nft_hash_deactivate(const struct net *net,
 
 	hash = nft_jhash(set, priv, &this->ext);
 	hlist_for_each_entry(he, &priv->table[hash], node) {
-		if (!memcmp(nft_set_ext_key(&this->ext), &elem->key.val,
+		if (!memcmp(nft_set_ext_key(&he->ext), &elem->key.val,
 			    set->klen) &&
 		    nft_set_elem_active(&he->ext, genmask)) {
 			nft_set_elem_change_active(net, set, &he->ext);