Prev: [084/116] PCI: fix return value from pcix_get_max_mmrbc()
Next: [064/116] USB: EHCI: fix ITD list order
From: Greg KH on 30 Mar 2010 20:10
2.6.32-stable review patch. If anyone has any objections, please let us know.

------------------

From: Patrick McHardy <kaber(a)trash.net>

commit ef1691504c83ba3eb636c0cfd3ed33f7a6d0b4ee upstream.

Commit 8ccb92ad (netfilter: xt_recent: fix false match) fixed supposedly
false matches in rules using a zero hit_count. As it turns out there is
nothing false about these matches and people are actually using entries
with a hit_count of zero to make rules dependant on addresses inserted
manually through /proc.

Since this slipped past the eyes of three reviewers, instead of
reverting the commit in question, this patch explicitly checks
for a hit_count of zero to make the intentions more clear.

Reported-by: Thomas Jarosch <thomas.jarosch(a)intra2net.com>
Tested-by: Thomas Jarosch <thomas.jarosch(a)intra2net.com>
Signed-off-by: Patrick McHardy <kaber(a)trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)suse.de>

---
net/netfilter/xt_recent.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, con
for (i = 0; i < e->nstamps; i++) {
if (info->seconds && time_after(time, e->stamps[i]))
continue;
- if (info->hit_count && ++hits >= info->hit_count) {
+ if (!info->hit_count || ++hits >= info->hit_count) {
ret = !ret;
break;
}


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [084/116] PCI: fix return value from pcix_get_max_mmrbc()
Next: [064/116] USB: EHCI: fix ITD list order