nft: ruleparse: Add missing braces around ternary

The expression evaluated the sum before the ternay, consequently not
adding target->size if tgsize was zero.

Identified by ASAN for a simple rule using standard target:
| # ebtables -A INPUT -s de:ad:be:ef:0:00 -j RETURN
| # ebtables -D INPUT -s de:ad:be:ef:0:00 -j RETURN
| =================================================================
| ==18925==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000000120 at pc 0x7f627a4c75c5 bp 0x7ffe882b5180 sp 0x7ffe882b4928
| READ of size 8 at 0x603000000120 thread T0
| [...]

Fixes: 2a6eee89083c8 ("nft-ruleparse: Introduce nft_create_target()")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-ruleparse.c b/iptables/nft-ruleparse.c
index 0bbdf44fafe03d7387a0ec9e6e3eef364e00d7d1..3b1cbe4fa14990d77a14d622b8dd34a94b61606d 100644 (file)
--- a/iptables/nft-ruleparse.c
+++ b/iptables/nft-ruleparse.c
@@ -94,7 +94,7 @@ __nft_create_target(struct nft_xt_ctx *ctx, const char *name, size_t tgsize)
        if (!target)
                return NULL;
 
-       size = XT_ALIGN(sizeof(*target->t)) + tgsize ?: target->size;
+       size = XT_ALIGN(sizeof(*target->t)) + (tgsize ?: target->size);
 
        target->t = xtables_calloc(1, size);
        target->t->u.target_size = size;