Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit afefb6f9 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nft_compat: use the match->table to validate dependencies 



Instead of the match->name, which is of course not relevant.

Fixes: f3f5dded ("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c918687f

net/netfilter/nft_compat.c

+2 −2
Original line number Diff line number Diff line
@@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, 
	union nft_entry e = {};

	int ret;



	ret = nft_compat_chain_validate_dependency(match->name, ctx->chain);

	ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);

	if (ret < 0)

		goto err;
@@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx, 
		if (!(hook_mask & match->hooks))

			return -EINVAL;



		ret = nft_compat_chain_validate_dependency(match->name,

		ret = nft_compat_chain_validate_dependency(match->table,

							   ctx->chain);

		if (ret < 0)

			return ret;