forked from Minki/linux
netfilter: nft_compat: use the match->table to validate dependencies
Instead of the match->name, which is of course not relevant.
Fixes: f3f5dde
("netfilter: nft_compat: validate chain type in match/target")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c918687f5e
commit
afefb6f928
@ -346,7 +346,7 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
union nft_entry e = {};
|
||||
int ret;
|
||||
|
||||
ret = nft_compat_chain_validate_dependency(match->name, ctx->chain);
|
||||
ret = nft_compat_chain_validate_dependency(match->table, ctx->chain);
|
||||
if (ret < 0)
|
||||
goto err;
|
||||
|
||||
@ -420,7 +420,7 @@ static int nft_match_validate(const struct nft_ctx *ctx,
|
||||
if (!(hook_mask & match->hooks))
|
||||
return -EINVAL;
|
||||
|
||||
ret = nft_compat_chain_validate_dependency(match->name,
|
||||
ret = nft_compat_chain_validate_dependency(match->table,
|
||||
ctx->chain);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
Loading…
Reference in New Issue
Block a user