From patchwork Fri Feb 19 03:43:20 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tim Gardner <tim.gardner@canonical.com>
X-Patchwork-Id: 45836
X-Patchwork-Delegate: apw@canonical.com
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from chlorine.canonical.com (chlorine.canonical.com
	[91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 3446AB7C33
	for <incoming@patchwork.ozlabs.org>;
	Fri, 19 Feb 2010 14:43:14 +1100 (EST)
Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com)
	by chlorine.canonical.com with esmtp (Exim 4.69)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1NiJll-0003bI-IP; Fri, 19 Feb 2010 03:43:09 +0000
Received: from mail.tpi.com ([70.99.223.143])
	by chlorine.canonical.com with esmtp (Exim 4.69)
	(envelope-from <tim.gardner@canonical.com>) id 1NiJlj-0003bD-Bj
	for kernel-team@lists.ubuntu.com; Fri, 19 Feb 2010 03:43:07 +0000
Received: from [10.0.2.5] (unknown [10.0.2.5])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mail.tpi.com (Postfix) with ESMTP id 45E9320F9F0;
	Thu, 18 Feb 2010 19:42:53 -0800 (PST)
Message-ID: <4B7E08D8.4000001@canonical.com>
Date: Thu, 18 Feb 2010 20:43:20 -0700
From: Tim Gardner <tim.gardner@canonical.com>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Andy Whitcroft <apw@canonical.com>
Subject: [PATCH] xt_recent: Fix false match.
X-Enigmail-Version: 0.95.7
Cc: Kernel team list <kernel-team@lists.ubuntu.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: tim.gardner@canonical.com
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Sender: kernel-team-bounces@lists.ubuntu.com
Errors-To: kernel-team-bounces@lists.ubuntu.com

If verified, then I'll send it upstream. Its also worthy of a pre-stable
patch.

rtg
Acked-by: Amit Kucheria <amit.kucheria@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>

From 146111514a8c126268e848e45b7dd967329b072f Mon Sep 17 00:00:00 2001
From: Tim Gardner <tim.gardner@canonical.com>
Date: Thu, 18 Feb 2010 20:33:00 -0700
Subject: [PATCH] xt_recent: Fix false match.

A rule with a zero hit_count will always match.

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Cc: stable@kernel.org
---
 net/netfilter/xt_recent.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 1bb0d6c..43e83a4 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 		for (i = 0; i < e->nstamps; i++) {
 			if (info->seconds && time_after(time, e->stamps[i]))
 				continue;
-			if (++hits >= info->hit_count) {
+			if (info->hit_count && ++hits >= info->hit_count) {
 				ret = !ret;
 				break;
 			}
-- 
1.6.2.4