From e8a218f27a3d7948697c1c1d8f364af6f65b5ac9 Mon Sep 17 00:00:00 2001
From: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Date: Thu, 3 Oct 2013 16:00:59 +0300
Subject: nft: fix wrong target size

The allocated area was not aligned.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-shared.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'iptables/nft-shared.c')

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index c9bde90b..25cb1772 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -292,18 +292,21 @@ void nft_parse_target(struct nft_rule_expr *e, struct nft_rule_expr_iter *iter,
 	struct xtables_target *target;
 	struct xt_entry_target *t;
 	struct nft_family_ops *ops;
+	size_t size;
 
 	target = xtables_find_target(targname, XTF_TRY_LOAD);
 	if (target == NULL)
 		return;
 
-	t = calloc(1, sizeof(struct xt_entry_target) + tg_len);
+	size = XT_ALIGN(sizeof(struct xt_entry_target)) + tg_len;
+
+	t = calloc(1, size);
 	if (t == NULL) {
 		fprintf(stderr, "OOM");
 		exit(EXIT_FAILURE);
 	}
 	memcpy(&t->data, targinfo, tg_len);
-	t->u.target_size = tg_len + XT_ALIGN(sizeof(struct xt_entry_target));
+	t->u.target_size = size;
 	t->u.user.revision = nft_rule_expr_get_u32(e, NFT_EXPR_TG_REV);
 	strcpy(t->u.user.name, target->name);
 
-- 
cgit v1.2.3