author | Patrick McHardy <kaber@trash.net> | 2015-03-01 10:28:02 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2015-04-14 07:56:28 +0100 |
commit | 242978b5c98c98c125c73ae76abd76e0e672d769 (patch) | |
tree | 512f7e667ff592ea60a506c1b9b1277441e7f1d6 | |
parent | 8334c0462684d197b06160f55a110810a949016e (diff) |
data: increase maximum possible data size
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | include/data_reg.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 3 | ||||
-rw-r--r-- | src/expr/data_reg.c | 2 |
3 files changed, 6 insertions, 2 deletions
diff --git a/include/data_reg.h b/include/data_reg.h
index e7375b8..cf14988 100644
--- a/include/data_reg.h
+++ b/include/data_reg.h
@@ -1,6 +1,7 @@
 #ifndef _DATA_H_
 #define _DATA_H_
+#include <linux/netfilter/nf_tables.h>
 #include <stdint.h>
 #include <unistd.h>
@@ -13,7 +14,7 @@ enum {
 union nft_data_reg {
 struct {
- uint32_t val[4];
+ uint32_t val[NFT_DATA_VALUE_MAXLEN / sizeof(uint32_t)];
 uint32_t len;
 };
 struct {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 4221a6c..be8584c 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -388,6 +388,9 @@ enum nft_data_attributes {
 };
 #define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1)
+/* Maximum length of a value */
+#define NFT_DATA_VALUE_MAXLEN 64
+
 /**
 * enum nft_verdict_attributes - nf_tables verdict netlink attributes
 *
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index b4e553e..b5fbdf2 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -467,7 +467,7 @@ __nft_parse_data(union nft_data_reg *data, const struct nlattr *attr)
 if (data_len == 0)
 return -1;
- if (data_len > sizeof(uint32_t) * 4)
+ if (data_len > sizeof(data->val))
 return -1;
 memcpy(data->val, orig, data_len); |
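Review bot: The new array bound `NFT_DATA_VALUE_MAXLEN / sizeof(uint32_t)` in `union nft_data_reg` rounds down silently, so if the constant is ever set to a value that is not a multiple of 4, `sizeof(val)` drops below the advertised maximum and the parse path starts rejecting valid values. If the build allows C11, a compile-time check beside the union pins this: `_Static_assert(NFT_DATA_VALUE_MAXLEN % sizeof(uint32_t) == 0, "value length must be whole words");`. The value storage also grows from 16 to 64 bytes. Any other copy into or out of `val` that still hard-codes four words or 16 bytes should move to `sizeof(data->val)` as well; none is visible in this diff, so that needs a check against the rest of the tree.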
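Review bot: The bound check in `__nft_parse_data` is now tied to the destination buffer, but nothing at the check says that an oversized attribute is rejected rather than truncated, or which constant sets the limit. A comment above it would record that: `/* reject values that do not fit the register buffer (NFT_DATA_VALUE_MAXLEN bytes) */`. A payload shorter than the buffer overwrites only its first `data_len` bytes, and with 64 bytes of storage the unwritten tail is larger than before. Readers of `val` therefore need to bound themselves by the recorded length rather than the array size. The function starts and ends outside the hunk, so whether `data->len` is set after the `memcpy` cannot be confirmed from here.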