From d1c79cdedc2501e51205be930a817fe3842c1d22 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 26 May 2018 19:04:08 +0200
Subject: xtables: allocate struct xt_comment_info for comments

When mapping it to the comment match, otherwise, crash happens when
trying to save the ruleset listing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-shared.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'iptables')

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4db2832d..1d9554d3 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -20,6 +20,7 @@
 #include <xtables.h>
 
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/xt_comment.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/rule.h>
@@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
 		if (match == NULL)
 			return;
 
-		m = calloc(1, sizeof(struct xt_entry_match) + len);
+		m = calloc(1, sizeof(struct xt_entry_match) +
+			      sizeof(struct xt_comment_info));
 		if (m == NULL) {
 			fprintf(stderr, "OOM");
 			exit(EXIT_FAILURE);
-- 
cgit v1.2.3