From 3620cf73a4e58e08891d3188a6a4c06a16546fe0 Mon Sep 17 00:00:00 2001

From: Phil Sutter <psutter@redhat.com>

Date: Mon, 22 Jul 2019 17:34:25 +0200

Subject: [PATCH] ruleset: Avoid reading garbage in nftnl_ruleset_cb()

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538

Upstream Status: libnftnl commit dbaf6ea8f6a1a

commit dbaf6ea8f6a1a1e7f1d5abc2e4e2fef891c471b7

Author: Phil Sutter <phil@nwl.cc>

Date:   Thu Dec 14 20:40:23 2017 +0100

    ruleset: Avoid reading garbage in nftnl_ruleset_cb()

    If nftnl_ruleset_json_parse() is called with arg == NULL, ctx.data is

    left uninitialized and will later be used in nftnl_ruleset_cb(). Avoid

    this by using a C99-style initializer for 'ctx' which sets all omitted

    fields to zero.

    Signed-off-by: Phil Sutter <phil@nwl.cc>

    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

---

 src/ruleset.c | 10 +++++-----

 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/ruleset.c b/src/ruleset.c

index 3de9b87..cf86ca6 100644

--- a/src/ruleset.c

+++ b/src/ruleset.c

@@ -519,11 +519,11 @@ static int nftnl_ruleset_json_parse(const void *json,

 	json_error_t error;

 	int i, len;

 	const char *key;

-	struct nftnl_parse_ctx ctx;

-

-	ctx.cb = cb;

-	ctx.format = type;

-	ctx.flags = 0;

+	struct nftnl_parse_ctx ctx = {

+		.cb = cb,

+		.format = type,

+		.flags = 0,

+	};

 	ctx.set_list = nftnl_set_list_alloc();

 	if (ctx.set_list == NULL)

-- 

1.8.3.1