From: Maks Mishin <maks.mishinfz@gmail.com>
Date: Wed, 15 May 2024 20:25:03 +0000 (+0300)
Subject: evaluate: Fix incorrect checking the `base` variable in case of IPV6
X-Git-Tag: v1.0.6.1~206
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad27e95ec786547d8cecdf95c0928e612af028ee;p=thirdparty%2Fnftables.git

evaluate: Fix incorrect checking the `base` variable in case of IPV6

commit f6b579344eee17e5587b6a7fcc444fe997cd8cb6 upstream.

Found by RASU JSC.

Fixes: 2b29ea5f3c3e ("src: ct: add eval part to inject dependencies for ct saddr/daddr")
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 231d0eed..1cac3fdc 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1008,7 +1008,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
 		base = ctx->pctx.protocol[PROTO_BASE_NETWORK_HDR].desc;
 		if (base == &proto_ip)
 			ct->ct.nfproto = NFPROTO_IPV4;
-		else if (base == &proto_ip)
+		else if (base == &proto_ip6)
 			ct->ct.nfproto = NFPROTO_IPV6;
 
 		if (base)