From 3620cf73a4e58e08891d3188a6a4c06a16546fe0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Mon, 22 Jul 2019 17:34:25 +0200
Subject: [PATCH] ruleset: Avoid reading garbage in nftnl_ruleset_cb()

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510538
Upstream Status: libnftnl commit dbaf6ea8f6a1a

commit dbaf6ea8f6a1a1e7f1d5abc2e4e2fef891c471b7
Author: Phil Sutter <phil@nwl.cc>
Date:   Thu Dec 14 20:40:23 2017 +0100

    ruleset: Avoid reading garbage in nftnl_ruleset_cb()

    If nftnl_ruleset_json_parse() is called with arg == NULL, ctx.data is
    left uninitialized and will later be used in nftnl_ruleset_cb(). Avoid
    this by using a C99-style initializer for 'ctx' which sets all omitted
    fields to zero.

    Signed-off-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/ruleset.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/ruleset.c b/src/ruleset.c
index 3de9b87..cf86ca6 100644
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -519,11 +519,11 @@ static int nftnl_ruleset_json_parse(const void *json,
 	json_error_t error;
 	int i, len;
 	const char *key;
-	struct nftnl_parse_ctx ctx;
-
-	ctx.cb = cb;
-	ctx.format = type;
-	ctx.flags = 0;
+	struct nftnl_parse_ctx ctx = {
+		.cb = cb,
+		.format = type,
+		.flags = 0,
+	};
 
 	ctx.set_list = nftnl_set_list_alloc();
 	if (ctx.set_list == NULL)
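Review bot: In the new initializer of `ctx`, the field this fix is about (`data`) is the one left unnamed, while `.flags = 0,` is spelled out even though the same rule would zero it. Consider adding an explicit `.data = NULL,`, or a one-line comment stating that omitted fields are relied on to be zero, and dropping the redundant `.flags = 0,`. As written, the guarantee is implicit, and a later change back to field-by-field assignment would silently reintroduce the uninitialized read in nftnl_ruleset_cb() that the commit message describes for the arg == NULL case.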
-- 
1.8.3.1