summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorLiping Zhang <liping.zhang@spreadtrum.com>2016-06-11 12:20:26 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2016-06-15 12:17:23 +0200
commita46844021f6182cca7b575295ba33a4734b1b9d9 (patch)
tree7a7e003bd5f68e3e056edec1155e2805a526bb96 /net
parent775711497202fe376368c25b0c7296ed8803e0ba (diff)
downloadlinux-a46844021f6182cca7b575295ba33a4734b1b9d9.tar.bz2
netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set
We should check "i" is used as a dictionary or not, "binding" is already checked before. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 7b7aa871a174..492f6f8efdda 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2946,7 +2946,7 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,
* jumps are already validated for that chain.
*/
list_for_each_entry(i, &set->bindings, list) {
- if (binding->flags & NFT_SET_MAP &&
+ if (i->flags & NFT_SET_MAP &&
i->chain == binding->chain)
goto bind;
}