netfilter: ipset: Use the stored first cidr value instead of '1'

The stored cidr values are tried one after anoter. The boolean
condition evaluated to '1' instead of the first stored cidr or
the default host cidr.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
index 4743e5402522fb6793c2022ade4bed020b240295..565a7c5b8818a22038f9a4f1b87c03a0cf8c31ad 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -146,8 +146,9 @@ hash_ipportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
 {
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
-       struct hash_ipportnet4_elem data =
-               { .cidr = h->nets[0].cidr || HOST_MASK };
+       struct hash_ipportnet4_elem data = {
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;
@@ -394,8 +395,9 @@ hash_ipportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
 {
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
-       struct hash_ipportnet6_elem data =
-               { .cidr = h->nets[0].cidr || HOST_MASK };
+       struct hash_ipportnet6_elem data = {
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;

diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index c4db202b7da4bcaefc22e9c637e3a242233c5c9e..2aeeabcd5a211af76b3dd4c6c5eabda69ea97705 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -131,7 +131,9 @@ hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb,
 {
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
-       struct hash_net4_elem data = { .cidr = h->nets[0].cidr || HOST_MASK };
+       struct hash_net4_elem data = {
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;
@@ -296,7 +298,9 @@ hash_net6_kadt(struct ip_set *set, const struct sk_buff *skb,
 {
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
-       struct hash_net6_elem data = { .cidr = h->nets[0].cidr || HOST_MASK };
+       struct hash_net6_elem data = {
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;

diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c
index d2a40362dd3aadb6510ff1603a42e132eeeb5c7a..e50d9bb8820b24c7bb4bda72429eddd4ce746dfd 100644 (file)
--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -144,7 +144,8 @@ hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb,
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
        struct hash_netport4_elem data = {
-               .cidr = h->nets[0].cidr || HOST_MASK };
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;
@@ -357,7 +358,8 @@ hash_netport6_kadt(struct ip_set *set, const struct sk_buff *skb,
        const struct ip_set_hash *h = set->data;
        ipset_adtfn adtfn = set->variant->adt[adt];
        struct hash_netport6_elem data = {
-               .cidr = h->nets[0].cidr || HOST_MASK };
+               .cidr = h->nets[0].cidr ? h->nets[0].cidr : HOST_MASK
+       };
 
        if (data.cidr == 0)
                return -EINVAL;