From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 26 May 2018 17:04:08 +0000 (+0200)
Subject: xtables: allocate struct xt_comment_info for comments
X-Git-Tag: v1.8.0~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1c79cdedc2501e51205be930a817fe3842c1d22;p=thirdparty%2Fiptables.git

xtables: allocate struct xt_comment_info for comments

When mapping it to the comment match, otherwise, crash happens when
trying to save the ruleset listing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4db2832d..1d9554d3 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -20,6 +20,7 @@
 #include <xtables.h>
 
 #include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/xt_comment.h>
 
 #include <libmnl/libmnl.h>
 #include <libnftnl/rule.h>
@@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
 		if (match == NULL)
 			return;
 
-		m = calloc(1, sizeof(struct xt_entry_match) + len);
+		m = calloc(1, sizeof(struct xt_entry_match) +
+			      sizeof(struct xt_comment_info));
 		if (m == NULL) {
 			fprintf(stderr, "OOM");
 			exit(EXIT_FAILURE);