diff --git a/[refs] b/[refs]
index e4fc89008894..fa284075f860 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: b98b4947cb79d670fceca0e951c092eea93e9baa
+refs/heads/master: 280f37afa2c270ff029cb420b34396aa002909c3
diff --git a/trunk/include/linux/netfilter/xt_cluster.h b/trunk/include/linux/netfilter/xt_cluster.h
index 5e0a0d07b526..886682656f09 100644
--- a/trunk/include/linux/netfilter/xt_cluster.h
+++ b/trunk/include/linux/netfilter/xt_cluster.h
@@ -12,4 +12,6 @@ struct xt_cluster_match_info {
 	u_int32_t		flags;
 };
 
+#define XT_CLUSTER_NODES_MAX	32
+
 #endif /* _XT_CLUSTER_MATCH_H */
diff --git a/trunk/net/netfilter/xt_cluster.c b/trunk/net/netfilter/xt_cluster.c
index 6c4847662b85..69a639f35403 100644
--- a/trunk/net/netfilter/xt_cluster.c
+++ b/trunk/net/netfilter/xt_cluster.c
@@ -135,7 +135,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
 {
 	struct xt_cluster_match_info *info = par->matchinfo;
 
-	if (info->node_mask >= (1 << info->total_nodes)) {
+	if (info->total_nodes > XT_CLUSTER_NODES_MAX) {
+		printk(KERN_ERR "xt_cluster: you have exceeded the maximum "
+				"number of cluster nodes (%u > %u)\n",
+				info->total_nodes, XT_CLUSTER_NODES_MAX);
+		return false;
+	}
+	if (info->node_mask >= (1ULL << info->total_nodes)) {
 		printk(KERN_ERR "xt_cluster: this node mask cannot be "
 				"higher than the total number of nodes\n");
 		return false;