summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-16 20:07:35 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-16 20:36:05 +0200
commit169faa2e19478b02027df04582ec7543dba1dd16 (patch)
tree252409d49a716aaff5354b87f2105aae716e014e
parent0f1799ba1a5db4c48b72ac2da2dc70d8c190a73d (diff)
downloadlinux-169faa2e19478b02027df04582ec7543dba1dd16.tar.gz
linux-169faa2e19478b02027df04582ec7543dba1dd16.tar.bz2
linux-169faa2e19478b02027df04582ec7543dba1dd16.zip
netfilter: ipset: Validate the set family and not the set type family at swapping
This closes netfilter bugzilla #843, reported by Quentin Armitage. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
-rw-r--r--net/netfilter/ipset/ip_set_core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index c8c303c3386f..f2e30fb31e78 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1052,7 +1052,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
* Not an artificial restriction anymore, as we must prevent
* possible loops created by swapping in setlist type of sets. */
if (!(from->type->features == to->type->features &&
- from->type->family == to->type->family))
+ from->family == to->family))
return -IPSET_ERR_TYPE_MISMATCH;
strncpy(from_name, from->name, IPSET_MAXNAMELEN);