xtables-compat: truncate comments to 254 bytes
authorFlorian Westphal <fw@strlen.de>
Sat, 28 Apr 2018 09:43:09 +0000 (11:43 +0200)
committerFlorian Westphal <fw@strlen.de>
Sun, 29 Apr 2018 08:45:26 +0000 (10:45 +0200)
Kernel clamps udata size at 256 bytes, udata size however also includes
internal bookkeeping which brings us over this limit.

Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/nft.c

index c18798c985911471102bd7e91daf28571a17cead..e7cb827bb132778eacc0e8000616de583bca1d2e 100644 (file)
@@ -1041,12 +1041,14 @@ enum udata_type {
 int add_comment(struct nftnl_rule *r, const char *comment)
 {
        struct nftnl_udata_buf *udata;
+       char comm[254];
 
        udata = nftnl_udata_buf_alloc(NFT_USERDATA_MAXLEN);
        if (!udata)
                return -ENOMEM;
 
-       if (!nftnl_udata_put_strz(udata, UDATA_TYPE_COMMENT, comment))
+       snprintf(comm, sizeof(comm), "%s", comment);
+       if (!nftnl_udata_put_strz(udata, UDATA_TYPE_COMMENT, comm))
                return -ENOMEM;
        nftnl_rule_set_data(r, NFTNL_RULE_USERDATA,
                            nftnl_udata_buf_data(udata),
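Review bot: The `snprintf()` result on the new copy line is discarded, so a comment longer than 253 bytes is shortened with no signal to the caller or user. Anything that later identifies rules by comment text (an inference, no such caller is visible here) would see a different string than it supplied, and two long comments sharing a prefix become indistinguishable. Checking the return, e.g. `if (snprintf(comm, sizeof(comm), "%s", comment) >= (int)sizeof(comm))` followed by a warning or an error return, would make the truncation explicit. The bare `254` would also benefit from a comment such as `/* NFT_USERDATA_MAXLEN minus the udata attribute header; includes the NUL */`, which is presumably how the value was derived and is worth confirming. Separately, the `return -ENOMEM;` after `nftnl_udata_put_strz()` leaves `udata` allocated, and a `nftnl_udata_buf_free(udata);` before it would close that path; add_comment()'s body continues past the end of this hunk.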