xtables: allocate struct xt_comment_info for comments

When mapping it to the comment match, otherwise, crash happens when
trying to save the ruleset listing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4db2832d459bf865a4e7533ce8c1ca7c364c1f57..1d9554d36eeb1a0d1fe5c997df6709622a3e4a5e 100644 (file)
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -20,6 +20,7 @@
 #include <xtables.h>
 
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/xt_comment.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/rule.h>
@@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
                if (match == NULL)
                        return;
 
-               m = calloc(1, sizeof(struct xt_entry_match) + len);
+               m = calloc(1, sizeof(struct xt_entry_match) +
+                             sizeof(struct xt_comment_info));
                if (m == NULL) {
                        fprintf(stderr, "OOM");
                        exit(EXIT_FAILURE);