From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Sat, 11 Jun 2016 04:20:26 +0000 (+0800)
Subject: netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=a46844021f6182cca7b575295ba33a4734b1b9d9;p=linux-beck.git

netfilter: nf_tables: fix wrong check of NFT_SET_MAP in nf_tables_bind_set

We should check "i" is used as a dictionary or not, "binding" is already
checked before.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 7b7aa871a174..492f6f8efdda 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2946,7 +2946,7 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,
 		 * jumps are already validated for that chain.
 		 */
 		list_for_each_entry(i, &set->bindings, list) {
-			if (binding->flags & NFT_SET_MAP &&
+			if (i->flags & NFT_SET_MAP &&
 			    i->chain == binding->chain)
 				goto bind;
 		}