Message ID | 20180526170713.5044-2-pablo@netfilter.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Series | [1/2,iptables] xtables: use libnftnl batch API |
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 4db2832d459b..1d9554d36eeb 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -20,6 +20,7 @@ #include <xtables.h> #include <linux/netfilter/nf_tables.h> +#include <linux/netfilter/xt_comment.h> #include <libmnl/libmnl.h> #include <libnftnl/rule.h> @@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r, if (match == NULL) return; - m = calloc(1, sizeof(struct xt_entry_match) + len); + m = calloc(1, sizeof(struct xt_entry_match) + + sizeof(struct xt_comment_info)); if (m == NULL) { fprintf(stderr, "OOM"); exit(EXIT_FAILURE);
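Review bot: in the calloc() call in nft_rule_to_iptables_command_state(), the allocation size no longer depends on len, and nothing in the visible lines checks that len fits within sizeof(struct xt_comment_info). If the match data is later copied into m using len, a value larger than the struct would write past the end of the allocation. Consider rejecting or clamping the input when len > sizeof(struct xt_comment_info) before the allocation, and adding a short comment next to the calloc() explaining why the buffer is sized for the full struct xt_comment_info rather than for len, since the commit message only says that a crash happens otherwise.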
When mapping it to the comment match, otherwise, crash happens when trying to save the ruleset listing.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-shared.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)