From: Florian Westphal <fw@strlen.de>
Date: Mon, 12 Nov 2018 17:04:45 +0000 (+0100)
Subject: libxtables: xlate: init buffer to zero
X-Git-Tag: v1.8.2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5edb249b25da2d27bca886eb1aa03e6ce65cc8ca;p=thirdparty%2Fiptables.git

libxtables: xlate: init buffer to zero

Doesn't affect iptables-xlate, but nft (when built w. xtables support).

Without this, nft can print random content if an extension doesn't
add anything to the output xlate buffer, e.g.

-p mh -m mh

can cause nft to print random data after "meta l4proto mobility",
as mh ->xlate doesn't do anything in this case.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 11231fc4..ea9bb102 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2212,6 +2212,7 @@ struct xt_xlate *xt_xlate_alloc(int size)
 	if (xl->buf.data == NULL)
 		xtables_error(RESOURCE_PROBLEM, "OOM");
 
+	xl->buf.data[0] = '\0';
 	xl->buf.size = size;
 	xl->buf.rem = size;
 	xl->buf.off = 0;