netfilter: nf_tables: validate len in nft_validate_data_load()

[mirror_ubuntu-bionic-kernel.git] / net / bridge / netfilter / nft_meta_bridge.c

diff --git a/net/bridge/netfilter/nft_meta_bridge.c b/net/bridge/netfilter/nft_meta_bridge.c
index 4f02109d708f811bd49f79b08adab4979692130a..2011b89690f761426195381593e2a4ebdb45cdc7 100644 (file)
--- a/net/bridge/netfilter/nft_meta_bridge.c
+++ b/net/bridge/netfilter/nft_meta_bridge.c
@@ -53,12 +53,14 @@ static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
                                    const struct nlattr * const tb[])
 {
        struct nft_meta *priv = nft_expr_priv(expr);
+       unsigned int len;
        int err;
 
        priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
        switch (priv->key) {
        case NFT_META_BRI_IIFNAME:
        case NFT_META_BRI_OIFNAME:
+               len = IFNAMSIZ;
                break;
        default:
                return nft_meta_get_init(ctx, expr, tb);
@@ -69,7 +71,8 @@ static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
        if (err < 0)
                return err;
 
-       err = nft_validate_data_load(ctx, priv->dreg, NULL, NFT_DATA_VALUE);
+       err = nft_validate_data_load(ctx, priv->dreg, NULL,
+                                    NFT_DATA_VALUE, len);
        if (err < 0)
                return err;