Unbreak xtables-translate

Fixed commit broke xtables-translate which still relied upon do_parse()
to properly initialize the passed iptables_command_state reference. To
allow for callers to preset fields, this doesn't happen anymore so
do_command_xlate() has to initialize itself. Otherwise garbage from
stack is read leading to segfaults and program aborts.

Although init_cs callback is used by arptables only and
arptables-translate has not been implemented, do call it if set just to
avoid future issues.

Fixes: cfdda18044d81 ("nft-shared: Introduce init_cs family ops callback")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Tested-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 086b85d2f9ceffac657b586e213374b74943c417..e2948c5009dd605841f32d8b4fba63e62bf474b1 100644 (file)
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -253,11 +253,18 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[],
                .restore        = restore,
                .xlate          = true,
        };
-       struct iptables_command_state cs;
+       struct iptables_command_state cs = {
+               .jumpto = "",
+               .argv = argv,
+       };
+
        struct xtables_args args = {
                .family = h->family,
        };
 
+       if (h->ops->init_cs)
+               h->ops->init_cs(&cs);
+
        do_parse(h, argc, argv, &p, &cs, &args);
 
        cs.restore = restore;