netfilter: nf_tables: limit allowed range via nla_policy

[linux-2.6-microblaze.git] / net / netfilter / nft_bitwise.c

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 84eae7c..14e3c44 100644 (file)
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -86,7 +86,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
        [NFTA_BITWISE_LEN]      = { .type = NLA_U32 },
        [NFTA_BITWISE_MASK]     = { .type = NLA_NESTED },
        [NFTA_BITWISE_XOR]      = { .type = NLA_NESTED },
-       [NFTA_BITWISE_OP]       = { .type = NLA_U32 },
+       [NFTA_BITWISE_OP]       = NLA_POLICY_MAX(NLA_BE32, 255),
        [NFTA_BITWISE_DATA]     = { .type = NLA_NESTED },
 };