From patchwork Mon Sep 16 18:47:58 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jozsef Kadlecsik X-Patchwork-Id: 275267 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id C62832C00EA for ; Tue, 17 Sep 2013 04:48:03 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751257Ab3IPSsB (ORCPT ); Mon, 16 Sep 2013 14:48:01 -0400 Received: from smtp-in.kfki.hu ([148.6.0.25]:56913 "EHLO smtp0.kfki.hu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750799Ab3IPSsA (ORCPT ); Mon, 16 Sep 2013 14:48:00 -0400 Received: from localhost (localhost [127.0.0.1]) by smtp0.kfki.hu (Postfix) with ESMTP id 8FF0A880B5; Mon, 16 Sep 2013 20:47:59 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at smtp0.kfki.hu Received: from smtp0.kfki.hu ([127.0.0.1]) by localhost (smtp0.kfki.hu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id itD+lMe3w44u; Mon, 16 Sep 2013 20:47:59 +0200 (CEST) Received: from blackhole.kfki.hu (blackhole.kfki.hu [148.6.0.114]) by smtp0.kfki.hu (Postfix) with ESMTP id 4695C880B7; Mon, 16 Sep 2013 20:47:59 +0200 (CEST) Received: by blackhole.kfki.hu (Postfix, from userid 1000) id 2D966208186; Mon, 16 Sep 2013 20:47:59 +0200 (CEST) From: Jozsef Kadlecsik To: netfilter-devel@vger.kernel.org Cc: Pablo Neira Ayuso Subject: [PATCH 3/4] netfilter: ipset: Validate the set family and not the set type family at swapping Date: Mon, 16 Sep 2013 20:47:58 +0200 Message-Id: <1379357279-13361-4-git-send-email-kadlec@blackhole.kfki.hu> X-Mailer: git-send-email 1.7.0.4 In-Reply-To: <1379357279-13361-1-git-send-email-kadlec@blackhole.kfki.hu> References: <1379357279-13361-1-git-send-email-kadlec@blackhole.kfki.hu> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This closes netfilter bugzilla #843, reported by Quentin Armitage. Signed-off-by: Jozsef Kadlecsik --- net/netfilter/ipset/ip_set_core.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index c8c303c..f2e30fb 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1052,7 +1052,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, * Not an artificial restriction anymore, as we must prevent * possible loops created by swapping in setlist type of sets. */ if (!(from->type->features == to->type->features && - from->type->family == to->type->family)) + from->family == to->family)) return -IPSET_ERR_TYPE_MISMATCH; strncpy(from_name, from->name, IPSET_MAXNAMELEN);