diff options
author | Amit Pundir <amit.pundir@linaro.org> | 2015-01-20 16:13:08 +0530 |
---|---|---|
committer | Ruchi Kandoi <kandoiruchi@google.com> | 2015-02-04 16:05:39 -0800 |
commit | 80ee94ed7671ffb022abf7034a4d16fa67b91baa (patch) | |
tree | bb52e31731bb307b4e3d2196b734b91ef3906d22 /net/netfilter | |
parent | 2f56ebc631db6bc550be9937cd059dea1bba8917 (diff) |
xt_qtaguid: fix broken uid/gid range check
The existing test to check if current uid/gid is within
valid range is broken due to missing parenthesis.
Change-Id: I889ebbd0e2ea6a9426cb1509a2975e7107666407
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_qtaguid.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c index 0ad8d7a896cf..9664bec1091c 100644 --- a/net/netfilter/xt_qtaguid.c +++ b/net/netfilter/xt_qtaguid.c @@ -1773,8 +1773,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) kuid_t uid_min = make_kuid(&init_user_ns, info->uid_min); kuid_t uid_max = make_kuid(&init_user_ns, info->uid_max); - if (uid_gte(filp->f_cred->fsuid, uid_min) && - uid_lte(filp->f_cred->fsuid, uid_max) ^ + if ((uid_gte(filp->f_cred->fsuid, uid_min) && + uid_lte(filp->f_cred->fsuid, uid_max)) ^ !(info->invert & XT_QTAGUID_UID)) { MT_DEBUG("qtaguid[%d]: leaving uid not matching\n", par->hooknum); @@ -1786,8 +1786,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) kgid_t gid_min = make_kgid(&init_user_ns, info->gid_min); kgid_t gid_max = make_kgid(&init_user_ns, info->gid_max); - if (gid_gte(filp->f_cred->fsgid, gid_min) && - gid_lte(filp->f_cred->fsgid, gid_max) ^ + if ((gid_gte(filp->f_cred->fsgid, gid_min) && + gid_lte(filp->f_cred->fsgid, gid_max)) ^ !(info->invert & XT_QTAGUID_GID)) { MT_DEBUG("qtaguid[%d]: leaving gid not matching\n", par->hooknum); |