author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-26 19:04:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-26 19:12:46 +0200 |
commit | d1c79cdedc2501e51205be930a817fe3842c1d22 (patch) | |
tree | 38285c5cc87830bd2f4e0988f33ee3df43a6908b /iptables | |
parent | 4e2020952d6f9a8b1b271706dfa72c0c76e804a0 (diff) |
xtables: allocate struct xt_comment_info for comments
When mapping it to the comment match, otherwise, crash happens when
trying to save the ruleset listing.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-shared.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4db2832d..1d9554d3 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -20,6 +20,7 @@
 #include <xtables.h>
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/xt_comment.h>
 #include <libmnl/libmnl.h>
 #include <libnftnl/rule.h>
@@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
 if (match == NULL)
 return;
- m = calloc(1, sizeof(struct xt_entry_match) + len);
+ m = calloc(1, sizeof(struct xt_entry_match) +
+ sizeof(struct xt_comment_info));
 if (m == NULL) {
 fprintf(stderr, "OOM");
 exit(EXIT_FAILURE); |
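Review bot: The new `calloc` size no longer depends on `len`, so any later write into `m` that is still sized by `len` is bounded by the rule's userdata length rather than by the buffer. The code that fills `m` lies below this hunk in `nft_rule_to_iptables_command_state` and is not visible here; if it still copies `len` bytes, userdata longer than `struct xt_comment_info` would write past the allocation. Clamping before the copy would close that gap, for example `if (len > sizeof(struct xt_comment_info) - 1) len = sizeof(struct xt_comment_info) - 1;`, which also leaves room for the terminating NUL. A one-line comment above the allocation, such as `/* comment match expects a full struct xt_comment_info, not just the userdata bytes */`, would record why the size is fixed.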