ip{, 6}tables-restore: Fix for uninitialized array 'curtable'
authorPhil Sutter <phil@nwl.cc>
Wed, 19 Sep 2018 13:16:46 +0000 (15:16 +0200)
committerFlorian Westphal <fw@strlen.de>
Mon, 24 Sep 2018 09:23:52 +0000 (11:23 +0200)
When reading sufficiently malformed input, the parser might hit the end
of the loop without having written the current table name into curtable
and therefore call strcmp() with an uninitialized buffer. Avoid this by
setting curtable to zero upon declaration.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
iptables/ip6tables-restore.c
iptables/iptables-restore.c

index 51294f24ec90417743149abf01896e2991053c6c..2bb303ac755b64e86091aa1aaeab8dbd2f86cdda 100644 (file)
@@ -84,7 +84,7 @@ int ip6tables_restore_main(int argc, char *argv[])
        struct xtc_handle *handle = NULL;
        char buffer[10240];
        int c, lock;
-       char curtable[XT_TABLE_MAXNAMELEN + 1];
+       char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
        FILE *in;
        int in_table = 0, testing = 0;
        const char *tablename = NULL;
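Review bot: The empty initializer `= {}` on `curtable` is a GNU extension before C23; `char curtable[XT_TABLE_MAXNAMELEN + 1] = {0};` gives the same zeroed buffer in standard C99/C11, and the identical declaration in the iptables-restore.c hunk has the same issue. Zero-filling makes the later strcmp() well-defined, but going by the commit message, malformed input can still reach that comparison with no table name recorded, so an explicit check at the comparison site (not visible in this hunk) may be worth a follow-up. A short comment such as `/* zeroed: malformed input may reach strcmp() before any table line is parsed */` would keep the initializer from being dropped in a later cleanup. The function body starts and continues outside the hunk.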
index f596b46c7dce2ff4c76c1584270dc6ae3815dbf7..5c211d07fa4532eea27e73df92f7cf381ed3b080 100644 (file)
@@ -82,7 +82,7 @@ iptables_restore_main(int argc, char *argv[])
        struct xtc_handle *handle = NULL;
        char buffer[10240];
        int c, lock;
-       char curtable[XT_TABLE_MAXNAMELEN + 1];
+       char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
        FILE *in;
        int in_table = 0, testing = 0;
        const char *tablename = NULL;