From 3620cf73a4e58e08891d3188a6a4c06a16546fe0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Mon, 22 Jul 2019 17:34:25 +0200
Subject: [PATCH] ruleset: Avoid reading garbage in nftnl_ruleset_cb()
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
Upstream Status: libnftnl commit dbaf6ea8f6a1a
commit dbaf6ea8f6a1a1e7f1d5abc2e4e2fef891c471b7
Author: Phil Sutter <phil@nwl.cc>
Date: Thu Dec 14 20:40:23 2017 +0100
ruleset: Avoid reading garbage in nftnl_ruleset_cb()
If nftnl_ruleset_json_parse() is called with arg == NULL, ctx.data is
left uninitialized and will later be used in nftnl_ruleset_cb(). Avoid
this by using a C99-style initializer for 'ctx' which sets all omitted
fields to zero.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/ruleset.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/ruleset.c b/src/ruleset.c
index 3de9b87..cf86ca6 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -519,11 +519,11 @@ static int nftnl_ruleset_json_parse(const void *json,
json_error_t error;
int i, len;
const char *key;
- struct nftnl_parse_ctx ctx;
-
- ctx.cb = cb;
- ctx.format = type;
- ctx.flags = 0;
+ struct nftnl_parse_ctx ctx = {
+ .cb = cb,
+ .format = type,
+ .flags = 0,
+ };
ctx.set_list = nftnl_set_list_alloc();
if (ctx.set_list == NULL)
--
1.8.3.1