netfilter: ipset: list:set: fix reference counter update

The last element can be replaced or pushed off and in both cases the reference counter must be updated. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: ipset: list:set: fix reference counter update
The last element can be replaced or pushed off and in both cases the reference counter must be updated. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
02f815cb · Jozsef Kadlecsik · Pablo Neira Ayuso · 3a7b21ea · 02f815cb
Commit 02f815cb authored Apr 09, 2013 by Jozsef Kadlecsik Committed by Pablo Neira Ayuso Apr 09, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

net/netfilter/ipset/ip_set_list_set.c net/netfilter/ipset/ip_set_list_set.c +7 -3

No files found.
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -174,9 +174,13 @@ list_set_add(struct list_set *map, u32 i, ip_set_id_t id,
 {
 	const struct set_elem *e = list_set_elem(map, i);
-	if (i == map->size - 1 && e->id != IPSET_INVALID_ID)
+	if (e->id != IPSET_INVALID_ID) {
-		/* Last element replaced: e.g. add new,before,last */
+		const struct set_elem *x = list_set_elem(map, map->size - 1);
-		ip_set_put_byindex(e->id);
+		/* Last element replaced or pushed off */
+		if (x->id != IPSET_INVALID_ID)
+			ip_set_put_byindex(x->id);
+	}
 	if (with_timeout(map->timeout))
 		list_elem_tadd(map, i, id, ip_set_timeout_set(timeout));
 	else