From 1de82a88a154a7856506f5644795aa165294c9bc Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Tue, 29 Sep 2009 22:58:35 +0200
Subject: [PATCH] pknock: avoid accidental deletion of rules

If DEBUG was not defined, and no rule was effectively found, the "rule" variable may still be non-NULL, and possibly cause deletion. Therefore, always check for the rule having been found.
---
 extensions/xt_pknock.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c
index 1d3fb08..d2bae1c 100644
--- a/extensions/xt_pknock.c
+++ b/extensions/xt_pknock.c
@@ -451,9 +451,7 @@ remove_rule(struct ipt_pknock *info)
 	struct list_head *pos = NULL, *n = NULL;
 	struct peer *peer = NULL;
 	int i;
-#if DEBUG
 	int found = 0;
-#endif
 	int hash = pknock_hash(info->rule_name, info->rule_name_len, ipt_pknock_hash_rnd, rule_hashsize);
@@ -463,19 +461,17 @@ remove_rule(struct ipt_pknock *info)
 		rule = list_entry(pos, struct ipt_pknock_rule, head);
 		if (rulecmp(info, rule) == 0) {
-#if DEBUG
 			found = 1;
-#endif
 			rule->ref_count--;
 			break;
 		}
 	}
-#if DEBUG
 	if (!found) {
+#if DEBUG
 		printk(KERN_INFO PKNOCK "(N) rule not found: %s.\n", info->rule_name);
+#endif
 		return;
 	}
-#endif
 	if (rule && rule->ref_count == 0) {
 		hashtable_for_each_safe(pos, n, rule->peer_head, peer_hashsize, i) {
 			peer = list_entry(pos, struct peer, head);
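Review bot: With `found` now checked unconditionally, the `rule &&` test in `if (rule && rule->ref_count == 0)` at the end of the second hunk is dead code: the only path past `if (!found) return;` is a match that assigned `rule` from list_entry() and decremented its ref_count, so `rule` cannot be NULL there. Keeping the guard suggests the NULL case is still reachable and obscures the real invariant the commit relies on, namely that `found` implies `rule` points at the matched entry; I would write `if (rule->ref_count == 0) {` or keep the guard with a comment such as `/* found => rule is the matched entry, ref_count already dropped */`. A cleaner alternative to the flag would be a separate match pointer initialised to NULL, set in the loop and tested instead of `found`, which removes the coupling between two variables that must agree. remove_rule() begins before the first hunk (the declaration of `rule` and the loop header over the bucket are not visible here) and continues past the second hunk, so the above is inferred from the visible context.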