From 074062808c630f2efb55c7093d510b44a38e74e5 Mon Sep 17 00:00:00 2001

From: Phil Sutter <psutter@redhat.com>

Date: Thu, 14 Sep 2017 15:27:47 +0200

Subject: [PATCH] tc: m_xt: Prevent a segfault in libipt

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1465599

Upstream Status: iproute2.git commit f6fc1055e41a8

commit f6fc1055e41a8a924313c336b39b9ffe0c86938b

Author: Phil Sutter <psutter@redhat.com>

Date:   Tue May 23 15:40:57 2017 +0200

    tc: m_xt: Prevent a segfault in libipt

    This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These

    are still not usable with this patch, but at least tc doesn't crash

    anymore when one tries to use them.

    Signed-off-by: Phil Sutter <phil@nwl.cc>

---

 tc/m_xt.c | 5 ++++-

 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tc/m_xt.c b/tc/m_xt.c

index e59df8e..ad52d23 100644

--- a/tc/m_xt.c

+++ b/tc/m_xt.c

@@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p,

 		     char ***argv_p, int tca_id, struct nlmsghdr *n)

 {

 	struct xtables_target *m = NULL;

+#if XTABLES_VERSION_CODE >= 6

+	struct ipt_entry fw = {};

+#endif

 	struct rtattr *tail;

 	int c;

@@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p,

 		default:

 #if XTABLES_VERSION_CODE >= 6

 			if (m != NULL && m->x6_parse != NULL) {

-				xtables_option_tpcall(c, argv, 0, m, NULL);

+				xtables_option_tpcall(c, argv, 0, m, &fw;;

 #else

 			if (m != NULL && m->parse != NULL) {

 				m->parse(c - m->option_offset, argv, 0,

-- 

1.8.3.1