Skip to content

L
linux
Commit afefb6f9 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files
Options

netfilter: nft_compat: use the match->table to validate dependencies 

Instead of the match->name, which is of course not relevant.

Fixes: f3f5dded ("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c918687f
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
net/netfilter/nft_compat.c
View file @ afefb6f9
...@@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, ...@@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
union nft_entry e = {}; union nft_entry e = {};
int ret; int ret;
ret = nft_compat_chain_validate_dependency(match->name, ctx->chain); ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);
if (ret < 0) if (ret < 0)
goto err; goto err;
...@@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx, ...@@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
if (!(hook_mask & match->hooks)) if (!(hook_mask & match->hooks))
return -EINVAL; return -EINVAL;
ret = nft_compat_chain_validate_dependency(match->name, ret = nft_compat_chain_validate_dependency(match->table,
ctx->chain); ctx->chain);
if (ret < 0) if (ret < 0)
return ret; return ret;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7