netfilter: nft_hash: fix nft_hash_deactivate
authorFlorian Westphal <fw@strlen.de>
Thu, 2 Nov 2017 18:04:47 +0000 (19:04 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 6 Nov 2017 15:48:37 +0000 (16:48 +0100)
Jindřich Makovička says:
  The logical OR looks fishy to me. Shouldn't be && there instead?

Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1199
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_set_hash.c

index 0fa01d772c5e2c10c76094bdda80193fca155581..650677f1e53911f97447ca8c496972ab4c39a532 100644 (file)
@@ -494,7 +494,7 @@ static void *nft_hash_deactivate(const struct net *net,
        hash = reciprocal_scale(hash, priv->buckets);
        hlist_for_each_entry(he, &priv->table[hash], node) {
                if (!memcmp(nft_set_ext_key(&this->ext), &elem->key.val,
-                           set->klen) ||
+                           set->klen) &&
                    nft_set_elem_active(&he->ext, genmask)) {
                        nft_set_elem_change_active(net, set, &he->ext);
                        return he;