From a46844021f6182cca7b575295ba33a4734b1b9d9 Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Sat, 11 Jun 2016 12:20:26 +0800 Subject: netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set We should check "i" is used as a dictionary or not, "binding" is already checked before. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 7b7aa871a174..492f6f8efdda 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2946,7 +2946,7 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set, * jumps are already validated for that chain. */ list_for_each_entry(i, &set->bindings, list) { - if (binding->flags & NFT_SET_MAP && + if (i->flags & NFT_SET_MAP && i->chain == binding->chain) goto bind; } -- cgit v1.2.3