Commit 78913e29 authored Aug 09, 2022 by Pablo Neira Ayuso Committed by Greg Kroah-Hartman Aug 25, 2022

netfilter: nf_tables: really skip inactive sets when allocating name

commit 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c upstream.

While looping to build the bitmap of used anonymous set names, check the
current set in the iteration, instead of the one that is being created.

Fixes: 37a9cc52 ("netfilter: nf_tables: add generation mask to sets")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 53d60751

net/netfilter/nf_tables_api.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2515,7 +2515,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx ctx, struct nft_set set,
		list_for_each_entry(i, &ctx->table->sets, list) {
		int tmp;

		if (!nft_is_active_next(ctx->net, set))
		if (!nft_is_active_next(ctx->net, i))
		continue;
		if (!sscanf(i->name, name, &tmp))
		continue;