From: Jan Engelhardt Date: Wed, 27 Feb 2008 20:09:05 +0000 (-0800) Subject: [NETFILTER]: xt_conntrack: fix missing boolean clamping X-Git-Tag: v2.6.25-rc4~148^2~30 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=d61f89e9417e68caf9ca801606694c1c960ad179;p=linux-2.6-omap-h63xx.git [NETFILTER]: xt_conntrack: fix missing boolean clamping Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 85330856a29..dd192ac74b4 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c @@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in, if (test_bit(IPS_DST_NAT_BIT, &ct->status)) statebit |= XT_CONNTRACK_STATE_DNAT; } - if ((info->state_mask & statebit) ^ + if (!!(info->state_mask & statebit) ^ !(info->invert_flags & XT_CONNTRACK_STATE)) return false; }