
netfilter: nft_compat: narrow down revision to unsigned 8-bits

xt_find_revision() expects u8, restrict it to this datatype.

Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+3 -3
+3 -3
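--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -135,7 +135,7 @@
 
 static const struct nla_policy nft_target_policy[NFTA_TARGET_MAX + 1] = {
 [NFTA_TARGET_NAME] = { .type = NLA_NUL_STRING },
-[NFTA_TARGET_REV] = { .type = NLA_U32 },
+[NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
 [NFTA_TARGET_INFO] = { .type = NLA_BINARY },
 };
 
@@ -419,7 +419,7 @@
 
 static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
 [NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING },
-[NFTA_MATCH_REV] = { .type = NLA_U32 },
+[NFTA_MATCH_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
 [NFTA_MATCH_INFO] = { .type = NLA_BINARY },
 };
 
@@ -724,7 +724,7 @@
 static const struct nla_policy nfnl_compat_policy_get[NFTA_COMPAT_MAX+1] = {
 [NFTA_COMPAT_NAME] = { .type = NLA_NUL_STRING,
 .len = NFT_COMPAT_NAME_MAX-1 },
-[NFTA_COMPAT_REV] = { .type = NLA_U32 },
+[NFTA_COMPAT_REV] = NLA_POLICY_MAX(NLA_BE32, 255),
 [NFTA_COMPAT_TYPE] = { .type = NLA_U32 },
 };
 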
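Review bot: The bound `255` is a bare literal in all three policies (`nft_target_policy`, `nft_match_policy`, `nfnl_compat_policy_get`), so its link to the u8 parameter of xt_find_revision() exists only in the commit message; writing `NLA_POLICY_MAX(NLA_BE32, U8_MAX)` would state that link in the code. The code that reads these attributes and narrows them to u8 is outside the hunks, so the policy range appears to be the only guard against a silently truncated revision. It is worth confirming that every reader of the REV attributes is reached only through a parse that applies these tables. In `nfnl_compat_policy_get`, `[NFTA_COMPAT_TYPE]` stays an unbounded `NLA_U32`; if its consumer accepts only a small set of values, a matching range check there would be consistent with this change.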