From 074062808c630f2efb55c7093d510b44a38e74e5 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Thu, 14 Sep 2017 15:27:47 +0200 Subject: [PATCH] tc: m_xt: Prevent a segfault in libipt Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1465599 Upstream Status: iproute2.git commit f6fc1055e41a8 commit f6fc1055e41a8a924313c336b39b9ffe0c86938b Author: Phil Sutter Date: Tue May 23 15:40:57 2017 +0200 tc: m_xt: Prevent a segfault in libipt This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These are still not usable with this patch, but at least tc doesn't crash anymore when one tries to use them. Signed-off-by: Phil Sutter --- tc/m_xt.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tc/m_xt.c b/tc/m_xt.c index e59df8e10afef..ad52d239caf61 100644 --- a/tc/m_xt.c +++ b/tc/m_xt.c @@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) { struct xtables_target *m = NULL; +#if XTABLES_VERSION_CODE >= 6 + struct ipt_entry fw = {}; +#endif struct rtattr *tail; int c; @@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, default: #if XTABLES_VERSION_CODE >= 6 if (m != NULL && m->x6_parse != NULL) { - xtables_option_tpcall(c, argv, 0, m, NULL); + xtables_option_tpcall(c, argv, 0, m, &fw); #else if (m != NULL && m->parse != NULL) { m->parse(c - m->option_offset, argv, 0, -- 2.21.0