[NETFILTER]: xt_conntrack: fix missing boolean clamping

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 85330856a29c52065771c413737f958639d7cd20..dd192ac74b4aebfabc39bdb179d5b6dc608dd783 100644 (file)
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in,
                        if (test_bit(IPS_DST_NAT_BIT, &ct->status))
                                statebit |= XT_CONNTRACK_STATE_DNAT;
                }
-               if ((info->state_mask & statebit) ^
+               if (!!(info->state_mask & statebit) ^
                    !(info->invert_flags & XT_CONNTRACK_STATE))
                        return false;
        }