netfilter: nft_nat: don't dump port information if unset

Don't include port information attributes if they are unset. Reported-by: N Ana Rey <anarey@gmail.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_nat: don't dump port information if unset
Don't include port information attributes if they are unset. Reported-by: N Ana Rey <anarey@gmail.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
91513606 · Pablo Neira Ayuso · 6403d962 · 91513606
隐藏空白更改
内联并排

Showing with 8 addition and 6 deletion

net/netfilter/nft_nat.c net/netfilter/nft_nat.c +8 -6

未找到文件。
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -175,12 +175,14 @@ static int nft_nat_dump(struct sk_buff *skb, const struct nft_expr *expr)
 	if (nla_put_be32(skb,
 			 NFTA_NAT_REG_ADDR_MAX, htonl(priv->sreg_addr_max)))
 		goto nla_put_failure;
-	if (nla_put_be32(skb,
-			 NFTA_NAT_REG_PROTO_MIN, htonl(priv->sreg_proto_min)))
-		goto nla_put_failure;
-	if (nla_put_be32(skb,
-			 NFTA_NAT_REG_PROTO_MAX, htonl(priv->sreg_proto_max)))
-		goto nla_put_failure;
+	if (priv->sreg_proto_min) {
+		if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MIN,
+				 htonl(priv->sreg_proto_min)))
+			goto nla_put_failure;
+		if (nla_put_be32(skb, NFTA_NAT_REG_PROTO_MAX,
+				 htonl(priv->sreg_proto_max)))
+			goto nla_put_failure;
+	}
 	return 0;

 nla_put_failure: