netfilter: nf_tables: limit allowed range via nla_policy

[linux-2.6-microblaze.git] / net / netfilter / nft_tunnel.c

diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c
index b059aa5..9f21953 100644 (file)
--- a/net/netfilter/nft_tunnel.c
+++ b/net/netfilter/nft_tunnel.c
@@ -66,9 +66,9 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr,
 }
 
 static const struct nla_policy nft_tunnel_policy[NFTA_TUNNEL_MAX + 1] = {
-       [NFTA_TUNNEL_KEY]       = { .type = NLA_U32 },
+       [NFTA_TUNNEL_KEY]       = NLA_POLICY_MAX(NLA_BE32, 255),
        [NFTA_TUNNEL_DREG]      = { .type = NLA_U32 },
-       [NFTA_TUNNEL_MODE]      = { .type = NLA_U32 },
+       [NFTA_TUNNEL_MODE]      = NLA_POLICY_MAX(NLA_BE32, 255),
 };
 
 static int nft_tunnel_get_init(const struct nft_ctx *ctx,