Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
 include/data_reg.h | 3 ++-
 include/linux/netfilter/nf_tables.h | 3 +++
 src/expr/data_reg.c | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/data_reg.h b/include/data_reg.h
index e7375b8..cf14988 100644
--- a/include/data_reg.h
+++ b/include/data_reg.h
@@ -1,6 +1,7 @@
 #ifndef _DATA_H_
 #define _DATA_H_
+#include <linux/netfilter/nf_tables.h>
 #include <stdint.h>
 #include <unistd.h>
@@ -13,7 +14,7 @@ enum {
 union nft_data_reg {
 struct {
- uint32_t val[4];
+ uint32_t val[NFT_DATA_VALUE_MAXLEN / sizeof(uint32_t)];
 uint32_t len;
 };
 struct {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 4221a6c..be8584c 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -388,6 +388,9 @@ enum nft_data_attributes {
 };
 #define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1)
+/* Maximum length of a value */
+#define NFT_DATA_VALUE_MAXLEN 64
+
 /**
 * enum nft_verdict_attributes - nf_tables verdict netlink attributes
 *
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index b4e553e..b5fbdf2 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -467,7 +467,7 @@ __nft_parse_data(union nft_data_reg *data, const struct nlattr *attr)
 if (data_len == 0)
 return -1;
- if (data_len > sizeof(uint32_t) * 4)
+ if (data_len > sizeof(data->val))
 return -1;
 memcpy(data->val, orig, data_len);
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
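Review bot: The new array length `NFT_DATA_VALUE_MAXLEN / sizeof(uint32_t)` in `union nft_data_reg` rounds down, so `val` only covers the full maximum while the constant stays a multiple of 4, and nothing in the header states or enforces that. With the value 64 defined in this patch it is exact, but the constant lives in a copied kernel header and can change independently of this file. I would add a compile-time check beside the union, for example `_Static_assert(NFT_DATA_VALUE_MAXLEN % sizeof(uint32_t) == 0, "val[] must cover NFT_DATA_VALUE_MAXLEN");` if the project builds as C11, or otherwise a comment recording the assumption. The union also grows by 48 bytes, so any code that copies or compares a whole `nft_data_reg` with a fixed size should be rechecked; the rest of the union lies outside the hunk.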
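Review bot: Only this one length check in `__nft_parse_data` moves to `sizeof(data->val)`, so any other writer into `val` that still hard-codes 16 bytes or `sizeof(uint32_t) * 4` would now disagree with the array size; none is visible in this hunk, so the setters and other parsers need a grep. Taking the bound from the destination is the right form, because the `memcpy` two lines later then cannot overrun the buffer whatever `NFT_DATA_VALUE_MAXLEN` becomes. A short comment such as `/* bound is the destination size; must match the memcpy below */` would keep someone from turning it back into a constant. The function starts and ends outside the hunk, so whether `data->len` is set from the same `data_len` cannot be confirmed from here.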