Validate the set family and not the set type family at swapping.

author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)

committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)
committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c

index 0329dae32841fd64a6f6c0eb29cf16b4c2ba10b8..4c95bb8aecf4467caa04161a8ccf6b3a7f21762e 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1058,7 +1058,7 @@ ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
          * Not an artifical restriction anymore, as we must prevent
          * possible loops created by swapping in setlist type of sets. */
         if (!(from->type->features == to->type->features &&
-             from->type->family == to->type->family))
+             from->family == to->family))
                 return -IPSET_ERR_TYPE_MISMATCH;
  
         strncpy(from_name, from->name, IPSET_MAXNAMELEN);
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Wed, 14 Aug 2013 14:07:49 +0000 (16:07 +0200)