[PATCH] xt_recent: Fix false match.
Amit Kucheria
amit.kucheria at canonical.com
Fri Feb 19 08:39:10 UTC 2010
On 10 Feb 18, Tim Gardner wrote:
> If verified, then I'll send it upstream. Its also worthy of a pre-stable
> patch.
>
> rtg
> --
> Tim Gardner tim.gardner at canonical.com
> From 146111514a8c126268e848e45b7dd967329b072f Mon Sep 17 00:00:00 2001
> From: Tim Gardner <tim.gardner at canonical.com>
> Date: Thu, 18 Feb 2010 20:33:00 -0700
> Subject: [PATCH] xt_recent: Fix false match.
>
> A rule with a zero hit_count will always match.
>
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> Cc: stable at kernel.org
> ---
> net/netfilter/xt_recent.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
> index 1bb0d6c..43e83a4 100644
> --- a/net/netfilter/xt_recent.c
> +++ b/net/netfilter/xt_recent.c
> @@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
> for (i = 0; i < e->nstamps; i++) {
> if (info->seconds && time_after(time, e->stamps[i]))
> continue;
> - if (++hits >= info->hit_count) {
> + if (info->hit_count && ++hits >= info->hit_count) {
> ret = !ret;
> break;
> }
> --
> 1.6.2.4
>
Looks correct.
Acked-by: Amit Kucheria <amit.kucheria at canonical.com>
--
----------------------------------------------------------------------
Amit Kucheria, Kernel Engineer || amit.kucheria at canonical.com
----------------------------------------------------------------------
More information about the kernel-team
mailing list