projects / platform / kernel / linux-starfive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: nf_tables: limit allowed range via nla_policy
[platform/kernel/linux-starfive.git] / net / netfilter / nft_ct.c
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index b9c8449..38958e0 100644 (file)
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -332,7 +332,7 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
 
 static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = {
        [NFTA_CT_DREG]          = { .type = NLA_U32 },
-       [NFTA_CT_KEY]           = { .type = NLA_U32 },
+       [NFTA_CT_KEY]           = NLA_POLICY_MAX(NLA_BE32, 255),
        [NFTA_CT_DIRECTION]     = { .type = NLA_U8 },
        [NFTA_CT_SREG]          = { .type = NLA_U32 },
 };
Domain: System / Kernel;