Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 169faa2e authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik
Browse files

netfilter: ipset: Validate the set family and not the set type family at swapping 



This closes netfilter bugzilla #843, reported by Quentin Armitage.

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent 0f1799ba

net/netfilter/ipset/ip_set_core.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -1052,7 +1052,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb, 
	 * Not an artificial restriction anymore, as we must prevent

	 * Not an artificial restriction anymore, as we must prevent

	 * possible loops created by swapping in setlist type of sets. */

	 * possible loops created by swapping in setlist type of sets. */

	if (!(from->type->features == to->type->features &&

	if (!(from->type->features == to->type->features &&

	      from->type->family == to->type->family))

	      from->family == to->family))

		return -IPSET_ERR_TYPE_MISMATCH;

		return -IPSET_ERR_TYPE_MISMATCH;





	strncpy(from_name, from->name, IPSET_MAXNAMELEN);

	strncpy(from_name, from->name, IPSET_MAXNAMELEN);