optimize: Do not return garbage from stack

commit d4d47e5bdf943be494aeb5d5a29b8f5212acbddf upstream.

If input does not contain a single 'add' command (unusual, but
possible), 'ret' value was not initialized by nft_optimize() before
returning its value.

Fixes: fb298877ece27 ("src: add ruleset optimization infrastructure")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/src/optimize.c b/src/optimize.c
index 13aa1acc33f285cb55d5503a335a5c874ceccd85..d592aee02e14e7590ebe97f86b1e1cc2886b3d5d 100644 (file)
--- a/src/optimize.c
+++ b/src/optimize.c
@@ -1215,7 +1215,7 @@ static int cmd_optimize(struct nft_ctx *nft, struct cmd *cmd)
 int nft_optimize(struct nft_ctx *nft, struct list_head *cmds)
 {
        struct cmd *cmd;
-       int ret;
+       int ret = 0;
 
        list_for_each_entry(cmd, cmds, list) {
                switch (cmd->op) {