From 721bb877b759a0c92e6b019447fd3ee33d123cc0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 15 Mar 2019 17:50:10 +0100
Subject: [PATCH] ip{, 6}tables-restore: Fix for uninitialized array 'curtable'
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
Upstream Status: iptables commit 4e499d53d558b
commit 4e499d53d558bed55c8fe74390250dbfd6da3efc
Author: Phil Sutter <phil@nwl.cc>
Date: Wed Sep 19 15:16:46 2018 +0200
ip{, 6}tables-restore: Fix for uninitialized array 'curtable'
When reading sufficiently malformed input, parser might hit end of
loop without having written the current table name into curtable and
therefore calling strcmp() with uninitialized buffer. Avoid this by
setting curtable to zero upon declaration.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
iptables/ip6tables-restore.c | 2 +-
iptables/iptables-restore.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index e2a82c57bd426..d610360a1c1ff 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -192,7 +192,7 @@ int ip6tables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c, lock;
- char curtable[XT_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index af0c79408631d..db77fb77b3c98 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -191,7 +191,7 @@ iptables_restore_main(int argc, char *argv[])
struct xtc_handle *handle = NULL;
char buffer[10240];
int c, lock;
- char curtable[XT_TABLE_MAXNAMELEN + 1];
+ char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
FILE *in;
int in_table = 0, testing = 0;
const char *tablename = NULL;
--
2.21.0