summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/rule.h2
-rw-r--r--src/parser_bison.y5
2 files changed, 7 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index bd24648d..7e8daac9 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -428,4 +428,6 @@ enum udata_type {
};
#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+#define UDATA_COMMENT_MAXLEN 128
+
#endif /* NFTABLES_RULE_H */
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 6f51a49d..dfdf2377 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1275,6 +1275,11 @@ ruleid_spec : chain_spec handle_spec position_spec
comment_spec : COMMENT string
{
+ if (strlen($2) > UDATA_COMMENT_MAXLEN) {
+ erec_queue(error(&@2, "comment too long, %d characters maximum allowed", UDATA_COMMENT_MAXLEN),
+ state->msgs);
+ YYERROR;
+ }
$$ = $2;
}
;