netfilter: ebtables: do centralized size checking

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

1 files changed, 4 insertions, 5 deletions

diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 36efb3a7524..554dd68637c 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -13,14 +13,14 @@
  *
  *  Jan, 2008
  */
-
-#include <linux/netfilter_bridge/ebtables.h>
-#include <linux/netfilter_bridge/ebt_ip6.h>
 #include <linux/ipv6.h>
 #include <net/ipv6.h>
 #include <linux/in.h>
 #include <linux/module.h>
 #include <net/dsfield.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_ip6.h>
 
 struct tcpudphdr {
         __be16 src;
@@ -97,8 +97,6 @@ static int ebt_ip6_check(const char *tablename, unsigned int hookmask,
 {
         struct ebt_ip6_info *info = (struct ebt_ip6_info *)data;
 
-        if (datalen != EBT_ALIGN(sizeof(struct ebt_ip6_info)))
-                return -EINVAL;
         if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
                 return -EINVAL;
         if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
@@ -125,6 +123,7 @@ static struct ebt_match filter_ip6 =
         .name           = EBT_IP6_MATCH,
         .match          = ebt_filter_ip6,
         .check          = ebt_ip6_check,
+        .matchsize      = XT_ALIGN(sizeof(struct ebt_ip6_info)),
         .me             = THIS_MODULE,
 };