[netfilter-cvslog] r7017 - trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter

kadlec at blackhole.kfki.hu kadlec at blackhole.kfki.hu
Wed Sep 5 13:41:13 CEST 2007


Author: kadlec at blackhole.kfki.hu
Date: 2007-09-05 13:41:12 +0200 (Wed, 05 Sep 2007)
New Revision: 7017

Modified:
   trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c
Log:
Nasty bug fixed: return value of the test function was not converted
to the match value, thus out of range values were interpreted as 'matched'!


Modified: trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c	2007-09-02 13:15:20 UTC (rev 7016)
+++ trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c	2007-09-05 11:41:12 UTC (rev 7017)
@@ -152,9 +152,10 @@
 	      unsigned char index)
 {
 	ip_set_ip_t port;
+	int res;
 
 	if (flags[index+1] == 0)
-		return -EINVAL;
+		return 0;
 		
 	port = get_port(skb, flags[index+1]);
 
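Review bot: the `return 0;` taken when `flags[index+1] == 0` now reports a missing port-direction flag as an ordinary non-match, so the caller can no longer tell a malformed flags array apart from a lookup miss. That is the safe direction given the log message says out-of-range results were taken as 'matched', but a one-line comment above the check stating that this function returns only a match value, never a negative errno, would keep `-EINVAL` from being reintroduced here later.
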
@@ -173,7 +174,7 @@
 	if (port == INVALID_PORT)
 		return 0;	
 
-	return __testip(set,
+	res =  __testip(set,
 			ntohl(flags[index] & IPSET_SRC 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
 					? ip_hdr(skb)->saddr 
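Review bot: style point on `res =  __testip(set,`: there are two spaces after the `=`; a single space matches the rest of the function. Nothing else in this hunk needs changing, since the arguments to `__testip` are untouched.
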
@@ -184,6 +185,8 @@
 #endif
 			port,
 			hash_ip);
+	return (res < 0 ? 0 : res);
+	
 }
 
 static inline int
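
Review bot: `return (res < 0 ? 0 : res);` clamps negative error codes to 0 but still passes any positive value through unchanged; if the caller only needs matched or not matched, `return res > 0;` states that directly and drops the redundant parentheses. The added line after the return contains only a tab before the closing brace and should be removed. Only this call site is visible in the patch, so it is worth confirming that any other test path that returns the result of `__testip` directly gets the same conversion.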



