netfilter: xt_recent: fix false match

commit 8ccb92ad41cb311e52ad1b1fe77992c7f47a3b63 upstream. A rule with a zero hit_count will always match. Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Tim Gardner <tim.gardner@canonical.com> 2010-02-23 14:59:12 +0100
committer: Greg Kroah-Hartman <gregkh@suse.de> 2010-03-15 08:50:01 -0700
commit: 58368fc8325ee2a9af4c29e232e319d78903f64b (patch)
tree: 038d7950b79dfadf664bb312bd005cf4896561a5
parent: 6f2deb6aad5e242d5573ae8d98a90a454f5e79d0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index d940a6367c7a..1a3b6508060e 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 		for (i = 0; i < e->nstamps; i++) {
 			if (info->seconds && time_after(time, e->stamps[i]))
 				continue;
-			if (++hits >= info->hit_count) {
+			if (info->hit_count && ++hits >= info->hit_count) {
 				ret = !ret;
 				break;
 			}
author	Tim Gardner <tim.gardner@canonical.com>	2010-02-23 14:59:12 +0100
committer	Greg Kroah-Hartman <gregkh@suse.de>	2010-03-15 08:50:01 -0700
commit	58368fc8325ee2a9af4c29e232e319d78903f64b (patch)
tree	038d7950b79dfadf664bb312bd005cf4896561a5
parent	6f2deb6aad5e242d5573ae8d98a90a454f5e79d0 (diff)