projects / platform / kernel / linux-starfive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
netfilter: nf_tables: limit allowed range via nla_policy
[platform/kernel/linux-starfive.git] / net / netfilter / nft_hash.c
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index ee8d487..92d47e4 100644 (file)
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -59,7 +59,7 @@ static void nft_symhash_eval(const struct nft_expr *expr,
 static const struct nla_policy nft_hash_policy[NFTA_HASH_MAX + 1] = {
        [NFTA_HASH_SREG]        = { .type = NLA_U32 },
        [NFTA_HASH_DREG]        = { .type = NLA_U32 },
-       [NFTA_HASH_LEN]         = { .type = NLA_U32 },
+       [NFTA_HASH_LEN]         = NLA_POLICY_MAX(NLA_BE32, 255),
        [NFTA_HASH_MODULUS]     = { .type = NLA_U32 },
        [NFTA_HASH_SEED]        = { .type = NLA_U32 },
        [NFTA_HASH_OFFSET]      = { .type = NLA_U32 },
Domain: System / Kernel;